Practice Management Systems
Surgery Center Software Experior Electronic Health Records and Electronic Medical Records
Login to Experior Healthcare System's Medical Billing Software
Experior Healthcare Systems Electronic Medical Records
Practice Management : Surgery Centers : Electronic Health Record Experior Healthcare Systems Experior Services Medical Management Software Experior Healthcare Systems News Contact Experior Healthcare Systems

HIPAA Focus: Privacy, Connection 2002, Volume VI
Friday, April 13th, 2007

A landmark step in the Health Insurance Portability and Accountability Act of 1996 or HIPAA was to create definitive ways in which to protect what is considered PHI or Protected Health Information. In the past confidential patient information was protected by a myriad of federal and state laws. The Privacy rule of HIPAA seeks to lay a foundation to which all health providers must comply, in addition, stricter state regulations may apply over and above the federal requirements. The Department of Health and Human Services or DHHS seeks to not only protect this information but also to ensure that patient quality of care is not compromised in the process.

While the Privacy standard became effective in April 2001, most health plans and providers covered by the new rule have until April 2003 to comply. Not only does this rule give patients more control over what types of information can and cannot be released but also it holds providers accountable for violations of patients’ privacy rights. Under these guidelines release of PHI or Protected Health Information will be governed by the patient consent form or by a separate authorization form. The difference between what is covered under a consent and an authorization is a very fine line. A patient consent will authorize release only of protected information for treatment, payment, and operations purposes. When information is released for any of these reasons every effort should be made to only release the minimum amount of information necessary to accomplish these tasks. While consent does not require centers to specify the particular information to be used or disclosed, or the recipients of the information, an authorization for a specific aspect of this protected information does require a separate disclosure. Patients through a separate authorization form must acknowledge information that falls outside of these boundaries. This authorization form must clearly state the purpose of the disclosure, what the information will be used for, and reinforce that patient care will not be compromised if patients opt not to sign the authorization.

It should be noted that the Department of Health and Human Services (DHHS) released proposed changes to the final privacy rule that were published on March 27, 2002 for comment. Listed among these changes is the removal of the prior consent form before a covered entity interacts with a patient. In conjunction with the consent removal, the proposed changes stress that covered entities make a reasonable effort to provide patients with their privacy notice prior to release of protected health information. While the removal of the prior consent is the biggest change, the proposed changes also include relaxation of the “minimum necessary” requirement on oral conversations between providers, restrictions on the use of patient information for marketing purposes and changes to parental access to children’s medical records. The comment period ended on April 26, 2002 but the final changes to the rule have not yet been published.

In the meantime, Experior Corporation can help centers comply with these new standards by supplying sample patient consents and authorization forms. Centers will need to update their chart pack forms to include specific boundaries of the information they plan to release. In addition, centers will need to incorporate entirely separate authorization forms to provide for the release of patient information for purposes such as marketing or research. For more information on changing your consents and authorization forms, please contact Customer Support at (800)595-2020.

Besides the addition of a new patient consent form and if needed an authorization form, centers should also have a notice of privacy practices available for patient review. This should be incorporated into your policies and procedures manual and should be referenced in your patient consent form. Along with HIPAA compliance also comes the right for patients to not only inspect and copy their medical records but also to make amendments to the information. In addition center staff should be trained on the updated privacy regulations so that a renewed investment in the confidentiality of patient health information is apparent throughout the entire center.

Each center should have a designated Privacy official who is responsible for pinpointing areas where protected information may be compromised. This means not only evaluating the locations of charts and printers but also reviewing staff computer access. SurgeOn™ can limit user access throughout the application and provide a View Only access option in the Scheduler. Incorporating these changes along with reviewing your network security are helpful steps towards compliance.

Looking to the future with regards to HIPAA compliance, the employer identification rule was recently published by the DHHS. This rule names the Employer Identification Number (EIN), also known as the tax id number, as the standard for any HIPAA compliant transactions. The final security regulations are also due to be released by the end of this year.

Regardless of where you are in your HIPAA efforts, it is best to remember to maintain a reasonable, thorough, yet well documented, approach to compliance.

« The Ultimate Survivors: Experior enters 25th Year with business better than ever
Experior Healthcare Systems Appoints New Chief Operating Officer »

Admin
© Copyright 2008 Experior Healthcare Systems | 5710 Coventry Lane, Ft Wayne, IN 46804 Phone 800.595.2020 Email sales@experior.com. Site by www.newdentalweb.com.