5 Reasons to Subscribe   Subscribe via: ( Email / RSS )

Chiropractic Compliance Concerns, HIPAA Hassles and Practitioner Paranoia

Written by Tom Necela on March 9th, 2010
Topics: Audits, Business, HIPAA, compliance

hipaa compliance

Just in case you were actually focusing on your practice and not glued to the news, HIPAA television and the endless assault of compliance related emails that cross your desk, we had three significant deadlines in February that seem to have rattled a significant number of you.

Even though I may not know you personally, I am going to extend you the grace of assuming that you are not normally paranoid, panicky or otherwise possessive of a peculiar tendency to “snap” when confronted with the politics of change that besets our profession.

So, let me first gently remind you of the deadlines of which you may or may not be aware.  And then, I’d like to put your mind at ease over a few items that repeatedly hit my email inbox and drip with panic-driven sweat and media-fueled fear.

The Deadlines

  • New requirements for “Business Associates” – Deadline: February 17, 2010 HIPAA rules were strengthened by extending the responsibility for protection of PHI to “Business Associates.” Under the new law, the “Business Associates” have the same responsibilities for any breach of private health care information as do the provider of the services. “Business Associates” would include Attorneys, Consultants, Accountants, Third-Party Billing Companies, Computer Vendors or maintenance companies, etc. For a more detailed description of this requirement, see my previous blog entry on “Mandatory HIPAA Updates.”

  • Disclosure Agreement Provision – Effective: February 18, 2010
    Patients have the right to pay in full for out of pocket expenses for health care services and request that your practice not disclose his or her medical information to a health plan or other entity. Your practice must comply with this request. Make sure that all your employees are informed about this provision and modify notification or follow-up procedures where applicable. This is information that will have to be shared with all employees in the medical practice that is involved in health information and insurance processing.  This one is not likely to happen too often, but regardless, you are still required to follow the rules should it occur.  Essentially, if you have a patient that is under- or non-insured and pay for services in cash (or credit card, check), they have the right for their info to remain silent.
  • Information Breach Notification – Effective February 22, 2010
    New provision requiring that HIPAA covered entities such as physicians notify patients (and Business Associates notify the partnering entity) of any breach of health care information. If a breach involves 500 people or less, the responsible party must notify each affected individual by written notice. This notice must contain the details of the breach, the information disclosed, and the steps being taken by the practice or entity to avoid any future breaches, as well as explaining the rights of the patient(s) in protecting their private healthcare information. If the breach involves more than 500 persons, the Act requires that the Department of Health and Human Services be notified as well as the local media outlets.  Hopefully, this one will never happen, but you should be aware that if it does, there are required steps to take.

The Reality of the Situation

Of those three new HIPAA requirements, I do not see any as the reason to hit the panic button.  Rather, get your Business Agreement in place and train the staff on the other two, should the need ever arise.

As for other recent news affecting our practice (and for which I received a lot of email),  the President did signed into law a bill that delays Medicare Fee cuts until March 31, 2010.  Hopefully, this delay will be prolonged at least until 2099 or until the government gets its Medicare act together, in which case the 2099 date may happen first.  On this item, continue to make your voice known through your state and national associations and hope that we make enough collective noise to stop the feds from cutting our paychecks.

Again, no need for panic, but action may be helpful.

Some FAQs About Chiropractic Compliance Measures

The one interesting byproduct of chiropractors who begin to get their compliance act in gear is that more questions begin popping up over everyday matters.   Suddenly, policies and procedures they have utilized for years become the subject of much questioning, much needed revision and, in some cases, not so needed fear.

To set the record straight, here are a few items that I would like to clarify for you so that you can fully understand your responsibilities and which side of the compliance fence that you stand.

  • Q. Our practice confirms patients’ insurance coverage by contacting their health plans the day before their appointments to verify coverage and patients’ financial responsibility. Do we need their consent or authorization to contact their health plan? A. Patient consent or authorization is not necessary to disclose PHI for coordination of benefits, which is considered part of your treatment.  Per HIPAA [45 CFR | 164.501] the full definition of treatment includes: “the provision, coordination or management of health care and related services by one or more health care providers, including the coordination or management with a third party
  • Q:        Are sign-in sheets or calling out the next patient’s name in the waiting room – allowed or not allowed? A: Yes, they are allowed. Believe it or not, if you actually sit down and read through the HIPAA regulations (sick and twisted) one of the intentions behind HIPAA that you will repeatedly see mentioned is “administrative simplification.”  To this extent these activities result in other people learning a patient’s name or other information, the disclosure would be considered “incidental” to your of the patient, and therefore acceptable under HIPAA.  (7.6.2001, OCR HIPAA Privacy TA 164.000.001 FAQ) Chiropractors should still take appropriate precautions to limit the amount of information that might be incidentally disclosed in this manner. For example, you may not want to ask patients to list “reason for visit” on a sign-in sheet. With respect to placing charts outside of your adjusting rooms, you should take precautions such as turning the front of the chart towards the wall so others do not have the opportunity to read the front page while walking past the room.
  • Q:  What about billing electronically, EMR and all these new proposed regulations? Am I going to be required to do all of this? A:  While it may make sense for many individuals to move as much as their practice as possible to an electronic format, you have two reasons to rest easy.  1)  Several proposed requirements for electronic communications are still in the future and so there dates may be delayed or never quite arrive.  2) You may be an exception to the rule anyway.  For example, back in 2003, providers were supposed to be required to bill Medicare electronically.  However, this requirement does not affect many chiropractors, as there are exceptions to physicians with fewer than 10 full-time employees. [42 USC | 1395y(h)]

Keep informed so that you know what you are required to do, but don’t get paranoid. Focus on your practice and your patients. Sleep easy.

Best wishes for continued success!

Tom Necela, DC


Related posts:

  1. Mandatory HIPAA Update Required by 2/17/2010 for Chiropractors! The good news is that the new HIPAA requirements aren’t...
  2. Is Your Chiropractic Office Secure? Today’s post is a back-to-basics reminder of something that we...
  3. Practical HIPAA Privacy for the Compliant Chiropractor From the recent activity of my email inbox, I am...
Comments Off

Comments are closed.

Copyright © 2010 The Strategic Chiropractor. All rights reserved.

admin

Wordpress Theme by Abe Fawson — goodfront.com