HIPAA: Ready or not here it comes

Sunday, March 16, 2003

March 17, 2003

WASHINGTON - HIPAA's privacy regulations go into effect April 14th, and while some HME providers appear well on their way to meeting that deadline, the majority, it seems, have miles to go before they sleep.

"People that I'm seeing in my seminars are saying, "We have to do what? We have to put our records under lock and key? We have to be careful how we talk in our office and who has access to our office?' For a lot of people this stuff has come out of left field," said Bruce Bothis, president of Centralized Billing & Intake in Parker, Colo.

Since originally conceived, HIPAA's privacy regs have been simplified and made less onerous, say industry watchers. They are by no means a cake-walk to implement, however. While HIPAA requires providers to jump through more hoops, the good news is that many of the privacy requirements are things providers probably already do. The trick comes in writing down those procedures, organizing them into a plan, adding some elements, subtracting others. Allowing six months for that process would have provided a nice, unhurried transition. A company that hasn't begun yet can probably implement them in two months provided they assign someone to the task full time, sources say.

Penalties for violating the HIPAA privacy regulations range from $100 to $250,000 and 10 years in jail.