HIPAA for Dummies
By: Scott Hendison   ·   Originally Published: December 2002

SPECIAL REPORT

What is HIPAA?

Hipaa was an Act of Congress.  To be exact, it was The Heath Insurance Portability and Accountability Act of 1996.  The last Act of Congress to so dramatically affect American business to this degree was the Americans with Disabilities Act.

In Hipaa, Portability means being able to keep your heath insurance, like through COBRA, for instance. That’s important to people, but that’s certainly not what the HIPAA uproar is all about.

The HIPAA uproar is about all about accountability.  Accountability means that the Federal Government is now regulating ALL U.S. health care providers, doctor’s offices, etc. for complete privacy and security of ALL information regarding their patients. Penalties for Hipaa violations include fines starting at $100 each, and ranging all the way up to $250,000 and ten years in prison.

Why HIPAA?

Did you know that the pharmaceutical giant Eli Lily sold the mailing list of patients who had been prescribed Prozac? How about the fact that tennis great Arthur Ashes’ HIV status was office gossip that slipped out to the press, forcing him to address it publicly? These and countless other violations of privacy are exactly what HIPAA is intended to combat.

Protected Health Information, (PHI) can be used by marketers, employers, insurance companies, politicians, and any number of other entities to discriminate, punish, hire, fire, market and even blackmail you. Somebody has to protect that privileged information, and that somebody is YOU, the health care professional. Why? Because an Act of Congress says so, that's why.

If you are a licensed medical provider of any kind, no matter how small your office is, you are, (or will soon be declared to be), a "covered entity" by the HIPAA regulations. Anything else you've heard is simply not true. HIPAA is here to stay, and unless you're considering a career change, you going to have to take it seriously.

What should you do?

Educate yourself. Call your local professional association and ask when the next seminar is taking place. Once you attend, you’ll have a better idea about the enormity of Hipaa. If you’d like to learn more right now, here’s a link to a pretty basic presentation  Multnomah County Hipaa 101.

If you’d like to find an available seminar near you, try these links…

Oregon Dental Association

Oregon Medical Association

Chiropractic Association of Oregon

 

You are going to have to do a lot of the privacy work yourself, and that’s okay, because qualified Hipaa help is hard to find. Even when you can find it, it will be expensive, so all the work you can do yourself will save you money. It won’t be particularly difficult, but it will take time. A lot of time. The average two doctor office, with a staff of 6, will require 60 to 80 hours of work to become fully Hipaa Privacy compliant. Even then, there will be regular maintenance required to remain compliant.

There are dozens of software packages to help with the privacy rules that range in price from $300 to $3000 and even higher. They are designed to facilitate everything you need to do, and boy, is there a lot to do. Do not attempt to do it without one of these packages unless you like punishing yourself. At this time I’ve used three, and all of them were pretty easy to get started with. If you need help finding one, e-mail me.

Security and Privacy

There are actually two separate distinctly different HIPAA accountability sections. One deals with privacy, and one with security, both physical and electronic. The Hipaa Security Rule was finalized in February of 2003, and full compliance is mandatory by April 21, 2005.

However, the actual first date of security compliance has already passed. October 16, 2002 was the deadline for compliance regarding your Transactions and Code Set Standards for electronic billing. You should have filled out a request for extension form by October 15, 2002, and if you didn’t, then you are already in violation. You need a copy of a corrective plan of action filled out and in your file cabinet if anyone comes to check, (which they won’t, but do it anyway).

Getting Help

Unlike the privacy rule, the security rule cannot be dealt with yourself simply by using a software package and allocating enough time. The technical skills and computer knowledge required to complete the Security Risk Assessment is fairly extensive, and most small offices will have to outsource in order to get an accurate picture of the steps they'll need to take to become Security compliant.  By starting on the security plan now, there will be over a year before the deadline to budget for any required changes to your technology.

Just like the Americans with Disabilities Act of 1990, Hipaa will create a cottage industry of Hipaa related services and businesses and consultants. That industry can be an excellent resource for you, or an incredible boondoggle to try to navigate. My own business, Portland Technology Consultants currently performs HIPAA Security services, but only for offices with less than 25 employees.

This article is not intended to scare you, but to inform you.  Make no mistake, there will be an enormous amount of work involved, over the next few months and years, not only for doctors and their staff, but for pharmacies, insurance companies and lawyers too.

Be sure you get quality advice, service, and products and at fair prices. The best way to do this is to talk among yourselves. Call and e-mail your friends and colleagues to discuss progress, software, and any compliance problems and solutions that might help others. Above all, don't worry! Just don't procrastinate and you'll be fine. You made it through medical school, didn't you?

 

Client & Web Advertisements


Custom Printed Coffee Cup Sleeves By Java Jacket
Portland Medical Malpractice Attorneys
Security Locking Mailboxes to Prevent Identity Theft
Gateway Area Business Association - A network of small businesses located in the Gateway, Parkrose Area of Portland, Oregon.
Providing local neighborhood news and articles servicing the Gateway, Parkrose and surrounding communities.

Scott Hendison hereby grants reprint rights for all of his own articles on this website providing that the following italicized lines (with the live link) are included as a byline:

 

Scott Hendison is a computer & internet consultant based in Portland Oregon. He specializes in search engine placement, internet marketing, and Retail Point of Sale (POS) systems with e-commerce, for customers in five countries. for more information, visit his website is http://www.pdxtc.com.

 

Need more info?-

Scott is the owner/operator of Portland Technology Consultants, providing computer and internet consulting services to local Portland Oregon businesses, and over the internet in five countries. He is a member of the Independent Computer Consultants Association and is on the Board of Directors for the Oregon Computer Consultants Association.

 

He is also on the Board of the Gateway Area Business Association and an active member of the East Portland Chamber of Commerce. His website is filled with nearly 100 computer & technology related, articles like this one, and he has a daily blog here. If you'd like to know more, please visit the main page at http://www.pdxtc.com, or call him at 503.522.9244.

 

Please help keep these articles coming, by visiting my website, shopping online, and sharing this site with your friends, families, and business associates.
 

© Copyright 1997-2005; Scott Hendison, Portland Technology Consultants.  All Rights Reserved.