HIPAA Myths and Realities for Physician Practice Managers

Presented by Shana Wolfe, CHC

Corporate Compliance Officer, Washington County Health System

Co-chair of HIPAA Task Force

May 14, 2002

Administrative Simplification?

• H ealth

• I nsurance

• P ortability and

• A ccountablity

• A ct of 1996

THE ADMINISTRATIVE SIMPLIFICATION PART OF HIPAA HAS 3 PURPOSES:

• To safeguard patient confidentiality

• To promote electronic (computer-to-computer) standardized healthcare transactions

• Maintain the security of healthcare information in electronic form

MYTH VS. REALITY

• What does HIPAA require of the physician practice that I manage?

• What do we need to do first?

• What resources are available to help us?

• How much will all this cost?

• What are the penalties for non-compliance?

• Are there any benefits in HIPAA?

HIPAA SECTIONS

• Privacy• Security• Transactions and Code

Sets• National Identifiers

– Provider

– Health Plan

– Employer

– Individual

MYTH

If we only file paper claims, we don’t have to worry about HIPAA. It only applies to offices that file electronic claims and we’re too small.

REALITY

If your office uses a third-party claims processor or billing agent, chances are that they file your claims electronically. Medicare will soon require all claims to be filed electronically.

MYTH

Labs and other test providers won’t be able to fax results to our office anymore. We won’t be able to fax referrals or reports anymore. And forget about using the Internet!

REALITY

Nothing in HIPAA outlaws fax or internet communications. Eliminating the use of fax machines and other technologies could slow patient care. Exercise reasonable security.

MYTH

We won’t be able to call patients’ names in our waiting room because that will violate HIPAA. We’ll have to assign them numbers or give out pagers.

REALITY

Address your patients with respect and friendliness. Don’t disclose any healthcare information in the waiting area or at the reception desk. Use common sense.

MYTH

We will have to eliminate the use of sign-in sheets because patients will be able to see other patient’s names when they sign in at the front desk.

REALITY

HIPAA doesn’t specifically prohibit sign-in sheets or other office processes that contain patient names. Again, use common sense. Don’t include patient conditions or physician names.

MYTH

Under HIPAA, we won’t be able to send reminder postcards, and we won’t be able to confirm patient appointments by phone. Our no-shows will go through the roof!

REALITY

If you advise patients in your Notice of Privacy Practices that you will send postcards or make reminder phone calls, you can continue this practice appropriately.

MYTH

We’ll have to get rid of the chart holders outside the exam rooms, or keep them under lock and key, because patients will be able to see health information.

REALITY

Chart holders are not specifically mentioned in HIPAA regulations. Even office “whiteboards” for scheduling purposes are OK. Just use common sense and discretion.

MYTH

Under HIPAA, we won’t be able to call in prescriptions or schedule procedures without the patient’s consent. And how will our physicians discuss a case with the patient’s other doctors?

REALITYHIPAA did have some

“quirks” that could have made these processes difficult. But changes have been proposed to ease these routine tasks. Discussions about patient care are always acceptable.

MYTH

We’ll have to soundproof our exam rooms and front office area so patients can’t overhear discussions about other patients. This could get expensive!!

REALITY

HIPAA doesn’t require soundproof rooms or whispered conversations. Use common sense--keep your voice down, and let patients know that you value their privacy.

MYTH

Patients will be able to see their charts any time they want to, and they can even change things if they request it. We’ll need to add staff to deal with all the interruptions!

REALITYDepending upon your

state, patients may have already had these rights. And you don’t need to change existing records. Patients can add their own statements, or you can explain why things are correct.

MYTH

We’ll probably have to replace our entire computer system and get new billing software. And even if we don’t, it’s going to be expensive to test our claims and pay a clearinghouse.

REALITY

Take time soon to talk to your computer advisor or the company that developed your billing software. Ask them what they’re doing about HIPAA and what it might cost.

MYTH

This HIPAA stuff is so complicated that we’ll need to hire a lawyer to get us on track. There’s no way we can understand it all, much less do what we need to do on time.

REALITY

HIPAA is manageable. Take advantage of your professional resources, like MGMA, and check out the Maryland Health Care Commission website for good information.

WHAT SHOULD WE DO?• Learn as much as you can about HIPAA from

readily available sources (see list of useful websites in the handouts)

• Contact your computer consultant and/or software vendor SOON. (see sample letter)

• Consider filing for a one-year extension to comply with the transaction standards. The deadline is October 15, 2002. (see the CMS/HCFA website)

WHAT SHOULD WE DO?

• Consider getting the free HIPAA software from the Maryland Health Care Commission for education and planning purposes. It has lots of good examples.

• Network with others in your situation.

• Make a plan with timelines and share the load.

• DON’T PANIC -- You can manage this!

THANK YOU!

Any questions?