Many practices understandably set the Health Insurance Portability and Accountability Act of 1996 (HIPAA) on the back burner or do their best to avoid the work of following it to the letter.
But there are many reasons why HIPAA is actually beneficial to your practice. Ensuring that you are HIPAA compliant should be high on your list of priorities.
By human nature, we naturally embrace those things from which we gain personal or professional benefit. And believe it or not, HIPAA can be one of them. Most of the time, you read about the risks and penalties that can result from HIPAA-related investigations, and about the absence of adequate policies that ensure compliance. While these things are certainly notable and true, there is another side to HIPAA that provides guidance, structure, and peace of mind to practices.
Your base of operations
Growth and prosperity in any type of business begins at the foundation. An enduring structure can be built on a strong and solid base, layer by layer, while a weak foundation will buckle or crack over time and will not sustain additional growth. For your practice, these “layers” could be more patients, more employees, an associate, new services or products to implement, and more.
While HIPAA doesn’t make up the entire foundation of your practice, it is an essential element. Before going further, a brief review of HIPAA may be helpful for those who are unfamiliar with it.
Established in 1996, HIPAA has two primary components: privacy and security.
HIPAA Privacy establishes guidance and provides standards to protect individuals’ medical records and other personal health information. In short, HIPAA Privacy provides structure to practices for the security of paper charts, identifies guidelines for how practices may use and disclose protected health information, defines patient rights when it comes to their protected health information, and much more.
HIPAA Security establishes guidance and provides standards to best ensure the integrity and safety of protected health information that is created, maintained, stored, or transmitted via electronic methods. The Security Rule accomplishes this by requiring practices to address and incorporate adequate policies and procedures regarding administrative, technical, and physical safeguards.
How HIPAA helps you
HIPAA offers substantial benefits to you and the pursuit of compliance can create an improved business environment for your practice and your patients. As you read through, consider how these briefly described scenarios may relate to your practice.
- Your practice has filing cabinets and boxes filled with manila folders containing patient information dating several years back. You could use that space for other things now (or possibly could stop paying rent on an external storage facility) but you have no idea where to begin. What can you destroy, how is this required to be managed, who can handle this task, and what steps must be taken for appropriate disposal?
- Your longtime CA is moving on to other adventures. They have access to all your information systems, pass- words to just about everything, and are the contact person for various entities you do business with. You don’t know the accesses you need to obtain and change, or even how to make sure you get all of them so you can still run your business. Without knowing how to carry out the responsibilities of your CA, it is difficult to take over those responsibilities yourself or appropriately train a successor. Where on earth do you start and what do you do?
It appears the primary computer in your office, which has your practice management and EHR software installed, now has a virus. Not only is the computer system operating slowly, but your CA mentioned that the appointment schedule has mysteriously removed a few appointments and you have noticed a similar effect on the EHR portion where your daily notes are recorded.
How do you remove the virus and prevent this from occurring in the future? In addition, how do your ensure that your schedule and daily notes were not damaged and what should you do if they were? How does this affect your billing? Was patient information compromised? If so, what’s the next step to minimize danger to your patients?
You have a practice that treats multiple members of many families. A newly expectant mother came in for care yesterday and notified you of her pregnancy before treatment. You documented this accordingly and provided the information to your CA, who will be performing a therapy on this patient per your instruction.
Today, the expectant mother’s parents were in for care and your CA congratulated them on the newly expected grandchild. A short time later, you receive a call from an upset mother-to- be, as she had not yet shared this information with her family because she was waiting to surprise them. How do you handle this issue? What can be done to prevent this in the future? How do you explain this breach of privacy to the expectant mother?
You have a social media page and also allow emails between your patients and your practice. Patients frequently ask treatment-related questions by email and your practice periodically posts testimonials to social media. What guidelines must you have in place to avoid a breach of patient privacy through these channels? Have you and your staff established boundaries for social media use and what is appropriate to communicate by email?
All the scenarios above can be minimized or even eliminated through the pursuit and implementation of HIPAA rule compliance. This can be a huge timesaver and stress- saver for your practice. In fact, most practices have already faced one or more of these challenges and there are many more possible scenarios to consider for which HIPAA provides the necessary guidance. As you consider these kinds of scenarios, think about why HIPAA really makes a difference for your practice and your patients.
Protecting your bottom line
In addition to helping your practice manage incident risk and the expenses that can be incurred, mandated HIPAA compliance also provides a framework for efficiency and consistency in many of the functions your practice undertakes during normal operations. This includes not only day-to-day functions but also the infrequently performed job duties that can still impact cash flow, the preservation of earned income, and the reputation of your practice. Regardless of your practice size or number of employees, HIPAA provides the benefits of guidance and structure.
For your patients, the ever-increasing risk of identity theft (and medical identity theft in particular) is a serious concern. Many people take various precautions to protect their credit history from dangers that can arise from making online purchases—and public purchases, too.
Even if your practice doesn’t keep credit-card information on file, you have patient information of significant value. If that patient data ends up in the wrong hands, it could be immeasurably damaging to your patients.
This kind of information includes (but is not limited to): patient name and address, work information, treatment information and diagnosis, family and personal contact information, insurance information, and social security numbers. Patients everywhere appreciate knowing that their healthcare providers have taken appropriate and required measures to ensure that their sensitive information is well- guarded.
The proactive pursuit of HIPAA compliance provides benefits to your practice, in addition to the risk management components that can be costly for practices that don’t fully enact them.
Brandy Brimhall , CPC, CMCO, CCCPC, CPCO, CPMA, has been serving chiropractic since 1999. She holds certifications in coding, compliance, and auditing. She has firsthand experience with billing, documentation, administrative, and compliance implementation and management within the chiropractic practice. She is the director of compliance services and director of education with Chirocode Institute. She can be contacted at support@chirocode.com or info@compliantchiro.com.