Insights From Our Editors

Practice Protection Mandate: Prevent HIPAA Violations

August 24, 2016

You may be surprised at how exposed your practice is to HIPAA violations, in which a patient’s private information is breached. According to HHS.gov, the web site of the federal government’s Health and Human Services department, there were 134,247 HIPAA complaints filed in May 2016.

The medical delivery of eyecare is at risk in your practice if you are not HIPAA-compliant. So, the important question is: are you HIPAA-compliant?

The HIPAA auditor just walked into your office. The first staff member they see is asked four simple questions:

Who is your HIPAA Privacy Officer?

Who is your HIPAA Security Officer?

Who is your HIPAA Public Information Officer?

Who is your HIPAA Review Officer?

Can your staff answer these questions? If not, you have a HIPAA problem.

In very simplistic terms, here are some of the major responsibilities of each of the HIPAA Officers.

  • The Privacy Officer is responsible for managing the patients’ protected health information (PHI) and keeping staff educated and trained on HIPAA issues.
  • The Security Officer is responsible for the physical and digital protection of the patients’ PHI. This includes things such as firewalls, anti-virus protection, sprinkler systems and security systems.
  • The Public Information Officer is the face of the practice to the general public.
  • The job of the Review Officer is to review any patient request that has been denied by the Privacy Officer and give a second opinion.

Can one person be all four HIPAA Officers? The Privacy Officer, Security Officer and the Public Information Officer can all be the same person if you have a small staff. The Review Officer has to be a different person than the Privacy Officer.

What is the cost of making HIPAA mistakes?

Source: American Medical Association

With the cost of making mistakes so high, it is important to be HIPAA-compliant. Here are cases highlighted by HIPAA to help you understand compliance. Review these cases to make sure you are compliant.

Entity Rescinds Improper Billing for Medical Record Copies
Private Practice Implements Safeguards
Private Practice Revises Process to Provide Access to Records
Private Practice Revises Access Policy
Private Practice Ceases Conditioning of Compliance with the Privacy Rule
Private Practice Revises Access Procedure

An interesting HIPAA term is Business Associates. Who are Business Associates? The HIPAA web site identifies them as people who are not your direct employees who are involved in “… claims processing or administration; data analysis, processing or administration; utilization review; quality assurance; billing; benefit management; practice management; and repricing … legal; actuarial; accounting; consulting; data aggregation; management; administrative; accreditation; and financial.”1

Do you have signed Business Associates Agreements? If not, then you are to blame if they violate HIPAA rules on PHI. With a signed BAA, it’s their fault, not yours. Manage this risk appropriately by getting signed BAAs. You can get the form from the AOA web site (Sample Business Associate Agreement).

The AOA has resources that can help you become HIPAA-compliant, but you need to invest the time and resources to get the job done. Why is this important? Well, the potential fines should be a motivator, but there is a bigger reason – you will not be able to participate in the Affordable Care Act delivery mechanisms for medical care if you are not HIPAA-compliant. (You need to know that if the Republicans repeal and replace the ACA, they are going to have the same requirements. Both sides of the political aisle want HIPAA compliance.)
Don’t put this off; get HIPAA-compliant today.

References

1. http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html

2. http://www.aoa.org/optometrists/tools-and-resources/hipaa-compliance?sso=y
