Navigating HIPAA in the Electronic Age:
What DCs Must Know
SOURCE: ACA News ~ March 2015
By Gina Shaw
It has been nearly 20 years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was passed and more than five years since its privacy protections for health care consumers were significantly strengthened by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, as more healthcare transactions became electronic.
But even so, many clinicians — especially those in smaller, often non-hospital-affiliated practices such as chiropractic — may not be up to speed on what they need to do to protect their patients’ privacy in the electronic age and comply with laws like HIPAA and HITECH, says Steven Baker, DC, DABFP, DABCO, a councilor with the Council on Chiropractic Education.
“Pretty much every office has a HIPAA form that they have their patients sign, saying here’s what we can do with your information,” he says. “But often they have just picked it up from a practice management group, and they may not really know what’s on that form or what it obligates them to do.”
So here are a few things every doctor of chiropractic (DC) and chiropractic office staffer should know about electronic privacy:
1. Do the laws apply to you?
Most health care practitioners are considered “covered entities” under HIPAA and HITECH — but not necessarily all. Healthcare providers are considered covered entities if they electronically transmit “PHI” — protected health information. You can collect individually identifiable health information without transmitting it electronically, although that’s becoming rare these days.
If you take only private-pay patients and/or do all your billing on paper, you may not be considered a covered entity under HIPAA. But the moment that you send any type of PHI outside of your office in electronic form, HIPAA almost certainly applies. And even if you have an almost completely paper-based office, if you keep any patient information on a computer system that has wireless access to the outside world, you may be vulnerable to hacking — which, technically speaking, means you’re “transmitting” your patients’ information, however inadvertently.
In order to be safe, check with the Department of Health and Human Services’ Office of Civil Rights (OCR), which is charged with the patient privacy protection aspects of HIPAA (www.hhs.gov/ocr/privacy).