Avoid a HIPAA Violation--Review the Basics and Stick to Them
Published on Tue Aug 14, 2007
Guest Columnist: Suzan Hvizdash, BS, CPC, CPC-EMS, CPC-EDS
Just because you're handing out privacy notices doesn't mean you can stop there
Everyone is trying to stay HIPAA-compliant. Whom can we talk to and what can we say regarding a patient's condition? Do we need something in writing from the patient? Whom can we talk to without patient consent? Start at the Beginning To answer these questions, let's briefly review what HIPAA is and why Congress created it.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It addresses three significant areas pertinent to the healthcare community: 1. Insurance portability: This allows individuals to maintain health insurance coverage when switching from one health plan to another, usually because of a change in employment.
For example, Mary has interstitial cystitis and needs periodic treatments. She is looking for a new job but is hesitant to change because she may be without insurance for a period of time. HIPAA was created to help avoid this type of situation.
Prior to HIPAA, the new employer's insurance could enact a pre-existing condition clause for an established period of time. Now, under HIPAA, if Mary was covered under her previous employer's insurance for at least the time frame of the pre-existing condition clause, she would not be subjected to a pre-existing clause with her subsequent employer's health plan. In other words, her insurance would be effective for any condition as soon as she qualified as a new employee. 2. Administrative simplification: This portion of the act requires healthcare providers and insurance plans to standardize the processes they use for exchanging electronic information. This is where the policy that all payers must recognize the same code set developed. 3. Privacy and security: This final piece of the act affecting healthcare deals with the way in which patient's medical information is stored.
Charts, electronic records and other forms of patient's medical information should be stored in a secured and protected area. This could include, but certainly isn't limited to, the physical paper charts and where they are stored, electronic charts and how they are electronically signed and password-protected, and electronic repositories and the monitoring of access to them.
HIPAA was passed to establish guidelines and national standards for handling the confidentiality of our patient's most valuable information. We are now legally charged with protecting this information through HIPAA. Examine HIPAA's Daily Impact So, with that in mind, how does HIPAA affect our day-to-day processes in the medical office? Keep in mind that the office could be a home health agency housed in an office building, an insurance company, a doctor's office or clinic, a hospital floor, an emergency department, or any other area where we have some type of [...]