HIPAA: Ready or not, here it comes

WASHINGTON - HIPAA's privacy regulations go into effect April 14th, and while some HME providers appear well on their way to meeting that deadline, the majority, it seems, have miles to go before they sleep. “People that I'm seeing in my seminars are saying, “We have to do what? We have to put our records under lock and key? We have to be careful how we talk in our office and who has access to our office?' For a lot of people this stuff has come out of left field,” said Bruce Bothis, president of Centralized Billing & Intake in Parker, Colo. Since originally conceived, HIPAA's privacy regs have been simplified and made less onerous, say industry watchers. They are by no means a cake-walk to implement, however. While HIPAA requires providers to jump through more hoops, the good news is that many of the privacy requirements are things providers probably already do. The trick comes in writing down those procedures, organizing them into a plan, adding some WASHINGTON - HIPAA's privacy regulations go into effect April 14th, and while some HME providers appear well on their way to meeting that deadline, the majority, it seems, have miles to go before they sleep. “People that I'm seeing in my seminars are saying, “We have to do what? We have to put our records under lock and key? We have to be careful how we talk in our office and who has access to our office?' For a lot of people this stuff has come out of left field,” said Bruce Bothis, president of Centralized Billing & Intake in Parker, Colo. Since originally conceived, HIPAA's privacy regs have been simplified and made less onerous, say industry watchers. They are by no means a cake-walk to implement, however. While HIPAA requires providers to jump through more hoops, the good news is that many of the privacy requirements are things providers probably already do. The trick comes in writing down those procedures, organizing them into a plan, adding some elements, subtracting others. Allowing six months for that process would have provided a nice, unhurried transition. A company that hasn't begun yet can probably implement them in two months provided they assign someone to the task full time, sources say. “If you do it right, there are a number of benefits that come from it other than just being compliant,” said healthcare attorney Neil Ceasar, Health Law Center, in Greenville, S.C. “It gives the right message, allows you to communicate internally much more effectively. Your employees are much more motivated and feel better about working there. You are much more able to market your compliance to patients and lenders.” One provider who's feeling pretty good about his HIPAA privacy compliance is Fran Burke, owner of Burke Medical Equipment in Chicopee, Mass. “We're 100% on board and practicing as if it's in force today,” Burke said in late February. “We have a lot of (industry) people who are moaning and groaning and mashing their teeth, but at the end of the day it's only the kind of respect for privacy that you or I would expect for ourselves.” Bob Clay, president of Clay Medical Services in Fresno, Calif., is another early adopter. “We're following all the rules and regulations on privacy and patient information,” Clay said. “But I know companies in my region that don't have a clue. They haven't done what we've done, haven't gone out to get the information, and I wouldn't want to be in their shoes.” Many procrastinators are probably the same companies that didn't think it important to implement compliance programs when the OIG started recommending them years ago,” said Maureen Hanna, president of Healthcare Reimbursement Specialists in Fountain Hills, Az. “They just don't see the urgency,” Hanna said. “They don't seem to understand there is a requirement. This isn't voluntary.” Penalties for violating the HIPAA privacy regulations range from $100 to $250,000 and 10 years in jail. And even though CMS, which is already spread thin, may have a tough time enforcing the regs, there's another reason to get them in place, sources say. “I assure you that someone who comes under the microscope for HIPAA will quickly come under the microscope for reimbursement,” said Ceasar. “Once someone is sloppy, it is a beacon going off.” HME Privacy The Health Insurance Portability and Accountability Act of 1997 privacy regs govern how providers must handle Protected Health Information (PHI) in-house and who they can disclose that patient information to outside the office. With few exceptions, an individuals healthcare information should be used for health purposes only, including payment and treatment.