HIPAA & your practice management software By Bruce D. Armon, Esq. & Shardul Mehta




Published March 2002

Most physician practices are computerized in some fashion. The level of computerization may range from simple billing functions and patient scheduling to electronic medical records and entire practice management activities.

By now, most of the health care industry has heard of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA does not require practices to purchase computer systems. However, the installation of a HIPAA-compliant software system may actually help a practice reduce its administrative costs.

Two of the principal areas of a physician's practice affected by HIPAA are the practice's billing software and practice management software. HIPAA includes six sets of rules related to the format of electronic transactions; protection of patient's privacy; ensuring the security of patients' health information; and defining universal identifiers for individuals, health care providers and employers.

The timeline for compliance for two components of HIPAA is rapidly approaching. These are the Transactions and Code Set Standard (Transaction Standards) and the Privacy Standards, which have already been finalized and are set to take effect in October 2002 and April 2003, respectively. President Bush recently extended the deadline for compliance with the Transaction Standards to October 2003.

However, this is not a blanket extension of the deadline. Congress recognized that this extension had the potential to result in an indefinite delay in the implementation of the Transaction Standards. Therefore, HIPAA-covered entities (this includes physicians and their practices) must get approval for an extension from the Secretary of HHS. The covered entity must explain how it plans to use the extra year to achieve compliance. HHS is required to provide a model compliance form for covered entities seeking an extension by March 31, 2002, though a covered entity is not required to use this model form when making its request for an extension. If no extension is sought, all covered entities that can reasonably meet the original October 2002 deadline are expected to continue their efforts to do so.

Regardless of whether a physician practice seeks an extension, it must begin internally evaluating its own practice and its relationships with its various vendors now to ensure a smooth HIPAA-compliant transition.

According to the 2000 edition of Guide to Medical Practice Software published by Harcourt, there are more than 1,500 active practice management software vendors. The medical practice software industry has revenues exceeding $4 billion per year. Hence, how does a physician practice evaluate its current software system for HIPAA compliance? If the practice is in the market for a new software system, how should it evaluate various vendors in terms of HIPAA compliance?

Make sure the vendor understands the requirements of the Transaction Standards.

The Transaction Standards have specified ANSI ASC X12 as the standard for electronic transactions, including billing, payment, eligibility verification and preauthorization. This means, for example, that a physician must make sure the electronic claims sent to payers are in ANSI ASC X12 format. According to HHS, there are approximately 400 different formats currently in place for electronic health transactions. Therefore, whether a practice is evaluating its current computer vendor or shopping for a new one, it should make sure that the vendor is not only aware of the Transaction Standards, but is able to speak intelligently about how its systems are, or will be, compliant with the Transaction Standards.

Here are two examples of the potential impact of the Transaction Standards on a physician's computer system.

Dr. A uses a computer system that prepares claim information in an electronic file to be submitted to a clearinghouse. Once the system prepares the electronic file, Dr. A dials into the bulletin board service (BBS) provided by the clearinghouse and uploads the electronic file.
Some time later, Dr. A dials back into the BBS and downloads an electronic remittance file. Dr. A's software reads this file and automatically posts payment information. In this example, Dr. A will get maximum value for his or her computer software if both the electronic claim file prepared by the computer system and the electronic remittance file provided by the clearinghouse are in standard ANSI format. This is possible only if both Dr. A's system and the clearinghouse accept and submit standard transactions.

Dr. B uses a computer system that prepares claim information in an electronic file to be submitted directly to a payer (e.g., Medicare). Dr. B dials into the payer's BBS and uploads the electronic file. Some time later, Dr. B dials back into the payer's BBS and downloads an electronic remittance file. Dr. B's software reads this file and automatically posts payment information. In this example, both Dr. B's system and the payer must support standard transactions, since Dr. B and the payer are transacting directly with each other.

A physician will get maximum value if his or her billing or practice management system is able to prepare, send, receive and process ANSI standard electronic transactions.

Note that HIPAA does not apply to the format in which data is stored. Computer systems are free to use any data format of their choosing in order to store data. HIPAA only applies to the format in which data is transmitted.

Check if the vendor is able to assist the practice in complying with the Privacy Rule.

The Privacy Rule imposes numerous requirements upon physicians and their practices. For instance, prior to disclosing a patient's protected health information (PHI) for the purposes of treatment, payment or health care operations (TPO), a physician practice must obtain the patient's consent. In addition, a physician practice must obtain a patient's authorization to use or disclose PHI for purposes other than TPO. An authorization is more detailed and specific, and has a definite expiration date.

A practice management system can ease the administrative headaches a physician practice may encounter in complying with the Privacy Rule with a few simple mouse clicks. For example, the practice management system could provide the following functions:

- Tracking the date that the patient's consent was obtained.
- Maintaining electronic copies of the signed consent and authorization forms.
- Tracking patient requests for restrictions on use and disclosure of PHI, whether the physician agreed to the request, and if so, retaining a copy of the modified consent.
- Tracking whether and when the consent was revoked by the patient.
- Tracking when patient authorizations were obtained, what they were obtained for, and their expiration dates.

The Privacy Standards provide that a patient may request an accounting of all disclosures made by a covered entity (which includes a physician) within the preceding six years. The accounting of the disclosure must include, among other items, the date, name and address (if available) of the person or entity that received the information, and a description of the PHI disclosed. Practice management software designed in compliance with the Privacy Standards could make all of this information available to the physician's office by viewing the main "window" or connected "windows" related to that particular patient, rather than having to undertake a manual review of the hard copy of the file.

Note that a software vendor is not required to provide all of these services. However, it is in the best interest of a physician practice to partner with a vendor who is willing to work with the practice in achieving HIPAA compliance.

Be aware that, if a practice contracts with an entity considered a "business associate" as described by the Privacy Standards, the practice should make sure that the agreement between them includes certain protections as defined in the Privacy Standards. This includes a requirement that the business associate use appropriate safeguards to prevent use or disclosure of PHI other than as provided in the agreement.

During the course of the upcoming months physicians will be bombarded with requests and reminders to ensure their practices are HIPAA-compliant. Because so many physician practices now rely on sophisticated computer systems to assist them with their day-to-day office activities, physicians need to start reviewing their current practice management and billing systems. Doing so can save them time, money and administrative headaches in the long run.
If a physician finds that his or her current vendor is unable or unwilling to help the practice meet the HIPAA standards, then now is the time to begin shopping for a new vendor whose products and services can help the physician's practice achieve HIPAA compliance before the HIPAA compliance date.

Bruce D. Armon, Esq., is a member of the Health Law Practice of Saul Ewing LLP in its Philadelphia office.

Shardul Mehta is Product Manager at InfoQuest Systems, Inc., a full service provider of health care information management systems.

1996-2006, Physician's News Digest, Inc. All rights reserved.