Practice Management

HIPAA Compliance

Now that You Have Filed the October 16, 2002 Extension,
What Do You Do?

By now you have probably been bombarded with information from hundreds of sources, been to seminars and purchased books regarding how to make your practice HIPAA compliant. I have found that most physicians have some misunderstanding about what it takes to actually be in compliance with HIPAA. Some of these misunderstandings are: "My billing department is handling HIPAA compliance," "My software makes me HIPAA compliant," "I took a quiz online and, based on our responses to the quiz, I am compliant," and "I file my claims electronically."

I hope to clear up these misunderstandings with the following information. Unless you filed an extension postmarked October 15, 2002, you will be expected to have the following in place:

  • Electronic transmissions standards
  • Data backup with off site storage (claims and electronic medical records)
  • Disaster and recovery plan for all patient data
  • Emergency mode operation plan
  • Testing and revision procedures
  • Trained employees who are able to follow these procedures

If your billing is outsourced, a Business Associate Agreement needs to be in place that states the "company" will follow all HIPAA standards. I personally recommend that your billing company certify in writing that they meet all HIPAA standards. This will protect your practice from the risk that an outsourced billing company could create for your practice by not being in compliance. If your billing company is not willing to certify that they meet HIPAA standards, then you may want to look elsewhere to outsource your billing.

The second deadline is April 14, 2003. There will be no extension for this date. This deadline requires your medical practice to provide a new consent for treatment, no later than the first encounter after April 14, 2003, for disclosure of Patient Health Information (PHI). This consent will include consent for treatment, release of information for payment, and the use of PHI for healthcare operations. You must also provide your Notice of Privacy Practices to all of your patients at this time. Some of the responsibilities for which your practice will need to have policies in place are:

  • What policies are in place to restrict the release of PHI
  • How your practice allows the patient to access, inspect and copy their own PHI
  • How patients can request an amendment to their PHI
  • How the practice can give an accounting of all uses and disclosures of their PHI
  • Employee education on these policies

HIPAA is here NOW! All healthcare providers have a responsibility to their patients, as well as under the law, to become compliant. HIPAA law applies to any and all persons who handle or have access to Patient Health Information (PHI). Failing to take HIPAA seriously and to actively work toward compliance could jeopardize what you have worked so hard to obtain. Yes, it may seem overwhelming; however, begin now and take it one step at a time to put these changes in place. Hiring a HIPAA consultant to help and guide you and your practice through the changes is a great start.

Maritza R Vega, CRP, HC is a HIPAA consultant and reimbursement specialist with Millennium Medical Billing, Inc.

