HIPAA Compliance

We support our troops!

Confused on HIPAA, let us help.....

QMBS can supply your practice with HIPAA approved Polices and Procedures forms and Compliance Manual just designed for your practice.
Call or Email us for a consult on your HIPAA preparations.
We have a checklist that we can go over with you to see if your practice is HIPAA
Compliant.

The deadline of October 16th, 2003 has passed. You MUST be HIPAA compliant.

Think you're HIPAA ready? Here's some questions to answer:

Do you have your Notice of Privacy Practices posted?
Do you have a Code of Ethics and Conduct in order?
Does the practice utilize a patient sign in sheet?
Are your appointment books where patients can read them?
Are your computer screens where patients can see them?
Do you have your patients sign a consent and authorization form?
Are you filing cabinets unlocked and where patients can reach them?
Do you have Business Associates Agreements with all your employees, contractors, etc?
Do you have employees discuss private information on the phone, when patients are in hearing range?

These are just some questions that will prove if you are HIPAA compliant. We have a checklist that we can go over with you to see if your office is HIPAA compliant.

Does HIPAA apply to small practices? The answer is the Privacy issues apply to all practices. The code sets apply to physicians using billing centers or billing electronically (which in the future all physicians will have to do). Generally if you have a computer make sure that you know how to protect the information on that computer. HIPAA basically applies to everyone and throughout the next couple of years it will be getting stronger.

The four Components of HIPAA are:

Electronic Transaction and Code Set Standards Requirements
Privacy Standards Requirements
Security Standards Requirements
National Identifier Requirements

Who is Affected by HIPAA?

The HIPAA requirements apply directly to 3 specific groups commonly referred to as "Covered Entities". These groups include:

Providers- Those who transmit any PHI electronically in connection with a transaction for which standard requirements have been adopted.

Health Plans - These include any government (Medicare, etc) or non-government organizations or private plan that provides or pays for medical care. An exception in the law was granted to state Workers Compensation plans.

Health Care Clearinghouses - These are organization that translate nonstandard information into a standard transaction or covert a standard transaction into a nonstandard format. This also includes Billing Centers and Repricing Companies.

Do you have to be HIPAA compliant?

It's conditional. Definitely if you:

Employ more than 10 FT employees, you are required to file Medicare electronically, therefore you are a Covered Entity.
If you use a Billing Center to file your Claims
If you sign a Business Associates Agreement with anyone
If you are filing ANY claims electronically

If you are an office ran on paper under these conditions below you are NOT a Covered Entity, therefore you are not required to be HIPAA compliant.

Keep records in your office on paper. You must file paper claims.
Do NOT use a billing center, clearinghouse or other third party to conduct transactions such as submitting electronic claims for you
Do not volunteer to become HIPAA entity by function, contract or certification.
Refuse to sign any Business Associates Agreement
Do not put any patient or practice information on a computer, everything has to be on paper.
Do not fax any patient information from your computer
Do not reside in a state that mandates that all providers be HIPAA entities.

If you do ALL these above (and you must do ALL of them) you are not a Covered Entity and do not have to be HIPAA compliant.

This is what can happen to you if you're not HIPAA compliant:

Improper use or disclosure of PHI (Private Health Information) can result in the following fines:

Civil monetary penalties for HIPAA privacy violations are $100 per incident, up to $25,000 per person, per year, per standard
A person who knowingly violates HIPAA and obtains IIHI (Individual Identifiable Health Information) or discloses IIHI to another person may be fined up to $50,000 and imprisoned up to 1 year, or both.
If the offense is committed with the intent to sell, transfer or use IIHI for commercial advantage, personal gain, or malicious harm, the fine may be up to $250,000 and imprisonment up to 10 years.

Our company holds a Certification of Completion

OIG Compliance guidance training.

NEWSFLASH: Your Malpractice insurance will NOT cover HIPAA violations!!!!

Helpful HIPAA Links: