Confused about HIPAA? Let us help.
QMBS can supply your practice with HIPAA approved Policies and Procedures forms and a Compliance Manual designed just for your practice.
Call or email us for a consult on your HIPAA preparations.
We have a checklist that we can go over with you to see if your practice is
The deadline of October 16th, 2003 has passed. You MUST be HIPAA compliant.
Think you're HIPAA ready?
Here are some questions to answer:
- Do you have your Notice of Privacy Practices posted?
- Do you have a Code of Ethics and Conduct in order?
- Does the practice utilize a patient sign in sheet?
- Are your appointment books where patients can read them?
- Are your computer screens where patients can see them?
- Do you have your patients sign a consent and authorization form?
- Are your filing cabinets unlocked and where patients can reach them?
- Do you have Business Associates Agreements with all your employees, contractors, etc.?
- Do your employees discuss private information on the phone when patients are within hearing range?
These are just some of the questions that will show whether you are HIPAA compliant. We have a checklist that we can go over with you to see if your office is HIPAA compliant.
Does HIPAA apply to small practices?
The answer is that the privacy requirements apply to all practices. The code sets apply to physicians who use billing centers or bill electronically (which in the future all physicians will have to do). Generally, if you have a computer, make sure that you know how to protect the information on that computer. HIPAA basically applies to everyone, and throughout the next couple of years it will be getting stronger.
The four Components of HIPAA
- Electronic Transaction and Code Set
- Privacy Standards Requirements
- Security Standards Requirements
- National Identifier Requirements
Who is Affected by HIPAA?
The HIPAA requirements apply directly to 3 specific groups commonly referred to as "Covered Entities". These groups
Providers - Those who transmit any PHI electronically in connection with a transaction for which standard requirements have been adopted.
Health Plans - These include any government (Medicare, etc.) or non-government organization or private plan that provides or pays for medical care. An exception in the law was granted to state Workers Compensation plans.
Health Care Clearinghouses - These are organizations that translate nonstandard information into a standard transaction or convert a standard transaction into a nonstandard format. This also includes Billing Centers and Repricing Companies.
Do you have to be HIPAA
It's conditional. Definitely if you:
- Employ more than 10 FT employees, you are required to file Medicare electronically, therefore you are a Covered
- If you use a Billing Center to file your
- If you sign a Business Associates Agreement
- If you are filing ANY claims electronically
If your office is run on paper under the conditions below, you are NOT a Covered Entity and therefore are not required to be HIPAA compliant.
- Keep records in your office on paper. You must file paper claims.
- Do NOT use a billing center, clearinghouse or other third party to conduct transactions such as submitting electronic claims for you.
- Do not volunteer to become a HIPAA entity by function, contract or certification.
- Refuse to sign any Business Associates
- Do not put any patient or practice information on a computer; everything has to be on paper.
- Do not fax any patient information from your
- Do not reside in a state that mandates that all providers be HIPAA entities.
If you do ALL of the above (and you must do ALL of them), you are not a Covered Entity and do not have to be HIPAA compliant.
This is what can happen to you if you're not HIPAA compliant:
Improper use or disclosure of PHI (Private Health Information) can result in the following fines:
- Civil monetary penalties for HIPAA privacy violations are $100 per incident, up to $25,000 per person, per year, per standard.
- A person who knowingly violates HIPAA and obtains IIHI (Individual Identifiable Health Information) or discloses IIHI to another person may be fined up to $50,000 and imprisoned up to 1 year, or both.
- If the offense is committed with the intent to sell, transfer or use IIHI for commercial advantage, personal gain, or malicious harm, the fine may be up to $250,000 and imprisonment up to 10 years.
holds a Certification of Completion
OIG Compliance guidance training.
Malpractice insurance will NOT cover HIPAA violations!!!!