HIPAA: A Continuous Process for You and Your Staff

Sep 04, 2007 at 10:56 pm by steve


The Health Insurance Portability and Accountability Act — known as HIPAA — has been around for four years, but are healthcare providers really complying with all aspects?

In April 2003, everyone focused on HIPAA Privacy, in which:

Now that four years have passed, what else has happened and what has fallen by the wayside?

Medical Records

Many practices now keep patient data in either a digital image management system (DIMS) or an EMR environment. The training that occurred in 2003 may not fit the new environment, so protocols need to be reviewed and, if necessary, modified. Digital patient documents are just as easy as paper documents, if not easier, to misplace, release inappropriately or fail to track. New employees must be trained, along with other employees, to work with material changes to the documentation. All training must be documented.

Electronic Claims

In late 2003, the healthcare industry changed the way it handles claims. Physician offices that had billed insurers using paper claims began utilizing clearinghouses for claims processing or purchasing software that allowed direct access to the big three payers in Alabama (Blue Cross, Medicare and Medicaid). Four years later, we all take for granted that claims are transmitted electronically. Physicians are sending claims in consistent formats and are being paid more quickly. The average wait for payment after date of service has been greatly reduced. Despite the extra work to implement the electronic claims portion of HIPAA, it was worth it.

HIPAA Security

HIPAA Security, implemented in April 2005, shifted the focus from paper records to digital records. Physicians also began to face the fact that patients want electronic access to physician offices. They want refills via e-mail, and they want to ask questions or schedule appointments without calling the office. HIPAA Security addressed the way electronic communication could travel between the physician and the patient without the risk of interception by an outside party. There is still much work to do in this area, but groups are slowly seeing more electronic access across healthcare.

Security Standards

Each individual HIPAA Security standard was developed with either a required or an addressable status, along with the requirement that policies and procedures be documented. Because electronic formats in healthcare change rapidly, your practice’s documents need to be updated to reflect current plans, protocols and practices related to your electronic files and transactions.

National Provider Identifier (NPI)

One of the final goals of HIPAA was to transition from a provider number for each insurance company to one provider number that follows a physician throughout a career. Think of your NPI as a “super UPIN” or a professional identification number.


NPI Registry

In early September, all NPI numbers will be available through the NPI Registry. The large database will allow other healthcare providers to find NPI numbers for use on claims, hospital visits, referrals, etc. Important note: If you listed confidential information when your initial NPI application was completed, that information will also be available to anyone searching the registry.

Privacy

What started out as Privacy has really come a long way toward creating a more consistent environment in healthcare. But take a few minutes to review your practice’s current policies and procedures to confirm that all HIPAA-required actions are being handled appropriately. Remember that part of the program is an annual review and monitoring, including a review to be conducted by the Privacy Officer and reported to the organization’s leadership. At minimum, the Privacy Officer should assess the following areas:

Be sure your practice is in compliance!

September 2007
