As a therapist, you must be familiar with the Health Information Portability and Protection Act (HIPAA).
You should also know something about the revised rules known as the Health Information Technology for Economic and Clinical Health Act (HITECH).
These laws cover individuals and entities that have access to patient information. They also cover those who provide aid in treatment, operations, and in the processing of payments in the healthcare industry.
In other words, they cover a lot of things about your practice. It’s a must for you to be familiar with them.
A Look Back: History of HIPAA
HIPAA was enacted back in 1996. Its aim is to ensure the privacy of patient information by establishing rules on its proper protection. The rules established by the law would apply to a business that has at least one of the following:
- Health plans
- Healthcare providers that conduct transactions electronically
- Healthcare clearinghouses
Things You Need to Know about HIPAA
HIPAA sets some standards for practices in the healthcare industry. It is not surprising that there are some things that are misunderstood about it. The following are some of the things that you need to realize about HIPAA:
1. HIPAA is Not Voluntary
HIPAA is not voluntary. If a business has any of the aspects mentioned earlier, then HIPAA compliance is a must. Failure to comply with it will have serious legal consequences.
HIPAA is quite strict when it comes to mandating safeguards to protect patient information. Aside from mandating technical safeguards, HIPAA also mandates physical protection of information to keep patient information safe.
Those physical protections include limiting access to the facility, how to properly transfer information, and how to remove information.
3. It Does Not Set Procedure
One of the misconceptions about HIPAA is that it sets procedure. HIPAA does not recommend a procedure or a platform that can be used for securing data.
It is up to the practitioner to choose the best platform to use. Failure to protect patient information can cause a practitioner to be considered negligent.
That means stating that a practice is HIPAA compliant does not guarantee anything. Patients will have to look deeper themselves to check how their information is protected by the practitioner.
4. HIPAA and Training
What is mandated by HIPAA is proper training of personnel. It states that everyone who is involved in handling patient information must be properly trained when it comes to reporting needs, policies, and protocols for data protection.
Another aspect where HIPAA is quite strict is reporting violations. HIPAA requires a healthcare provider, or anyone handling the data, to report violations right away.
The violations should be reported to the Department of Health and Human Services (HHS) in the Office of Civil Rights (OCR). This places a real responsibility on the shoulders of the provider.
6. HIPAA Compliance is Not Overly Expensive
One of the misconceptions about HIPAA compliance is that it costs a lot. The setup costs would vary but overall, becoming compliant is not going to eat up too much profit.
7. Fines Can Be Expensive
While becoming HIPAA compliant is not going to be overly expensive, the fines can be. That is one way of ensuring organizations will try their best to become compliant.
8. Business Associates Agreements
HIPAA requires providers to have comprehensive Business Associate Agreements. These BAAs will state the policies. Not having comprehensive BAAs can be interpreted as negligence on the part of the practitioner.
It can also lead to substantial fines which will be charged per incident, not to mention possible criminal charges.
As a practitioner, these are just some of the things that you ought to know about HIPAA. Knowing about the things included in this law will be crucial to your practice.