HIPAA Q & A
HIPAA Q & A
[Editor’s note: This is the second in a series of periodic columns that will address specific questions related to Health Insurance Portability and Accountability Act (HIPAA) implementation. If you have questions, please send them to Sheryl Jackson, Same-Day Surgery, American Health Consultants, P.O. Box 740056, Atlanta, GA 30374. Fax: (404) 262-5447. E-mail: [email protected].]
Question: How do I assess my readiness for the privacy requirements?
Answer: Start by looking at all of your policies and procedures to see which already comply with HIPAA, says Michael R. Callahan, partner and head of the HIPAA section for Katten, Muchin, Zavis and Rosenman, a Chicago-based law firm. Depending on your organization’s resources, this step can be accomplished externally with a consultant or internally, he says.
"Many state associations and trade associations have posted information on the Internet to help same-day surgery programs and other providers review their HIPAA readiness," Callahan says.
Compare your state regulations to the HIPAA requirements, he suggests. Many state trade associations have undertaken this task to help their members, he says. "In Illinois, we had to go line by line through 324 state statutes and regulations and compare them to HIPAA," he points out.
The good news is that most state regulations are more stringent than HIPAA requirements. "If the state requires more than HIPAA, you follow the state requirements," says Callahan. As you go through your assessment, be sure to look not only at your policies, but at your actual practice as well, suggests Callahan. "We’re finding that most problems are related to sloppiness," he says. The most typical problems in outpatient surgery are:
- Medical records sitting on a desk or countertop in an area that is open to public traffic. Records can be left in a designated place for physicians to sign or to enable easy access for nurses, but they must not be left in an area in which nonhealth care providers travel.
- Computer monitors that display patient information are positioned so that people in the reception area can see them. Turn your monitors or rearrange desk areas so that only the employee can see the information.
- A scheduling white board that includes patient names, procedures, or surgeons, on which non-health care providers can see names. Make sure this information is placed in a location that is seen only by appropriate health care personnel.
- A sign-in sheet contains not only the patient’s name but also some other identifier such as procedure or reason for coming into the facility. Sign-in sheets are fine, as long as they don’t contain other information that is related to the patient’s medical history, Callahan points out.
As you review your HIPAA readiness, remember that patients may come to you and ask for an accounting of how their protected health care information was used and to whom it was given, says Callahan.
"Be sure your records are linked in such a way that you can find any and all information related to billing, medical treatment, and claims filings," he says. "You must be able to pull together all of the information, along with the log sheet showing how the information was shared, within 30 days." This requirement means that you may have to find parts of records in radiology, laboratory, pharmacy, quality assurance, accounting, and any number of other areas, he says.
You also want to work with your information technology department or consultant to make sure additions can be made easily to the record, because Callahan points out, "In addition to giving the patient the right to inspect records, the patient also may amend the record, so make sure you have that capability in place."
Source
For more about Health Insurance Portability and Accountability Act (HIPAA) compliance, contact:
• Michael R. Callahan, Partner, Head of HIPAA Section, Katten, Muchin, Zavis and Rosenman, 525 W. Monroe St., Suite 1600, Chicago, IL 60661-3693. Telephone: (312) 902-5634. Fax: (312) 902-1061. E-mail: [email protected].
Question: How do I assess my readiness for the privacy requirements?
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.