I had my benefits administrator file the extension for HIPAA compliance on the Internet recently. Therefore, I do not have to worry about this until next October.

The extension to which you are referring concerns the implementation of standards for the electronic transmission of certain health care transactions. The filing of this extension does not extend the HIPAA Privacy compliance deadline!

What are the penalties for non-compliance with HIPAA?

Up to $25,000 per year for each provision violated (up to $1.4 million or more, depending on how HHS counts the provisions). Then there are criminal penalties up to 10 years in prison. In addition, misuse of patient information can produce fines of up to $250,000 per offense and/or up to 10 years in prison. There are no penalties for a non-covered entity; however, there are other limitations.

If I don't do anything wrong and protect my patients' information, I can't get in trouble, right?

Wrong! Even if you believe that you adequately protect the privacy of patient information, you could be found in non-compliance for not meeting the administrative requirements of HIPAA. It would be a violation if the required procedural safeguards are not in place, even if no improper disclosure of information takes place. In other words, you can be prosecuted even if no harm occurs.

I have a small practice. Does the size of my practice change what regulations apply to me under HIPAA?

No. The only exception is that the deadline for enforcement of transaction regulations is delayed a year for small practices. But the rules are still the same.

According to a PricewaterhouseCoopers report prepared for the Blue Cross and Blue Shield Association, one of the myths about HIPAA is that "HIPAA compliance will be much simpler for small providers." In fact, the only basis for this argument is the ability of small providers to revert to paper/manual transactions. The TCS requirements are not scalable to reduce the impact on small organizations. An entity will either be able to submit and receive compliant transactions, or not.

The only place small practices get some regulatory relief is that those with fewer than 10 employees are exempt from the electronic filing requirement that Medicare will begin in October 2003. However, if you, or anyone else on your behalf, have ever submitted information electronically, you must comply!

Are faxes and paper records subject to HIPAA compliance rules?

Yes. If you are a covered entity as a result of other electronic transmittals, then your fax transmissions of PHI will be subject to HIPAA compliance regulations as well. "The Rule does not prohibit faxing of individually identifiable health information. Covered entities [our emphasis] must have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI."

Some consultants suggest that covered entities need to unplug their fax at night to prevent the unauthorized viewing of protected health information. Remember that if you are covered, then even your paper records are subject to HIPAA scrutiny, and not just electronic transmittals.

I file some paper claims, and some electronic claims - won't just the electronic claims be subject to the HIPAA rules?

No, the HHS guidance states that if you are a covered entity, even your paper records - and even your oral communications - are subject to HIPAA regulations and compliance.

I can handle HIPAA Privacy Compliance on my own without any outside expertise.

The compliance requirements are quite complicated and convoluted. The CIMS Group employs recognized leaders in the HIPAA regulations. Our consultation services and software will help you maintain compliance easily. Remember, the deadline to achieve compliance with the Privacy regulations is April 14, 2003. We can help you.

Only a law firm can handle this issue.

While an attorney will be needed for some of the plan document amendments that will be required, it is not necessary to use an attorney for the entire compliance project.

If I act now the laws will probably change between now and then so I will have wasted my time.

The HIPAA Privacy regulations are unlikely to change. The HIPAA regulations were passed in 1996. Since then, there has been much public debate and scrutiny surrounding the privacy issues. In fact, with the release of the final regulations this past August, there have already been several "compromises" that the Department of Health and Human Services has agreed to that make HIPAA Privacy Compliance more reasonable. Companies should not bank on any further changes to the regulations.
