Time is running out to meet two key HIPAA deadlines
From the March ACP-ASIM Observer, copyright © 2003 by the American College of Physicians-American Society of Internal Medicine.
By Margo Williams
April showers might bring May flowers, but many in health care are bracing for the dark clouds of HIPAA.
That's because next month, just about everyone in health care must comply with two major regulations that are part of the Health Information Portability and Accountability Act, better known as HIPAA. On April 14, the law's privacy regulations take effect. Two days later, most practices must begin testing electronic transactions to make sure they meet the federal government's new standards.
The looming deadlines mean that practices have only a few short weeks left to make sure they comply with HIPAA regulations. There is some good news, however.
The HIPAA transactions rule promises to save physicians money in the long run by streamlining electronic communications, such as electronic claims between physicians, insurers and other health care organizations. The end result of the transactions rule is that paper claims, which are costly to process, eventually will be replaced by inexpensive electronic transactions.
HIPAA's new privacy rules, meanwhile, will give patients more confidence that all health care organizations are doing a better job of protecting patients' private information.
With the April deadlines approaching, here are some answers to commonly asked questions about the HIPAA regulations and their deadlines:
Q: Don't small practices have until April 2004 to comply with the HIPAA regulations?
A: No. Only small health plans that meet very specific criteria received an extension until April of next year. Everyone else in health care, including physicians, needs to get ready much sooner.
First, let's talk about the transactions rule. While the original deadline for implementing it was last October, the government granted extensions to organizations that filed for one. Even if you filed for an extension, however, you must still begin testing your HIPAA-ready computer systems by April 16. You must fully comply with the transactions rule by Oct. 16 of this year.
And if you think you can get around the regulations by filing only paper claims, think again. By Oct. 16 of this year, a new law will require just about everyone to file all Medicare claims electronically. A waiver will allow practices with fewer than 10 full-time employees to file paper claims, but it is not yet clear how that waiver program will work.
In addition, no one knows whether private payers will allow small practices to continue filing paper claims, or for how long. Eventually, most payers probably will require physicians to file claims electronically to eliminate the high costs of processing paper claims.
If your software vendor has already modified your office system so you can comply with the transactions standard, start testing sample claims as soon as possible. If your vendor hasn't made any changes to your system, you need to quickly develop an alternate plan, which could involve the costly and time-consuming process of replacing your vendor.
Regarding HIPAA's privacy regulations, your practice should be ready to comply by April 14 if it is a "covered entity." HIPAA defines "covered entities" as organizations that conduct any "designated transactions" electronically. (Designated transactions include claims, eligibility verification and remittances.)
These privacy regulations will require even more effort from your office staff. Most practices will need to modify some existing policies and procedures, as well as implement certain new forms and systems.
Q: Will I need to get authorization to release records to other physicians? What about life and health insurance underwriters?
A: You don't need patient authorization to release records to other physicians, hospitals, health plans or any organization that provides medical services. The privacy rules state that physicians may use and disclose health information to other direct or indirect treatment providers.
You can also release patient information for payment purposes—such as to health or auto insurers and billing agencies—and for operational purposes like quality assurance activities.
You will need patient authorization, however, to disclose information for purposes other than treatment, payment or operations. You will need authorization, for example, if a life insurance underwriter requests a copy of a patient's medical record to determine whether to insure her.
You'll also need patient authorization if a health insurer wants information on a patient before it has begun paying for services you provide. The insurer may want information to set its premiums or to determine whether a patient has any pre-existing conditions, for example.
You don't need patient authorization, however, to give information to a health insurer if it is related to payments for services that you provided to that patient. You also don't need authorization to tell an insurer that a patient has a permanent disability that makes her eligible for disability benefits.
For more on complying with the HIPAA privacy regulations, see "Answers to questions about the HIPAA privacy rule," in the February ACP-ASIM Observer online.
Margo Williams is a practice management associate in the College's Washington office.
Need some last-minute help getting ready for the regulations that are part of the Health Information Portability and Accountability Act? The College offers several tools to help you meet the regulations without disrupting your practice.
Web resources. The Practice Management Center's HIPAA Web page offers one-stop shopping to meet virtually all of your HIPAA needs, and its resources are free for members. The Web page includes an overview of all HIPAA regulations and free manuals you can customize for your practice, as well as answers to frequently asked questions, online advice and links to other resources.
Audioconference. Staff from the College's Washington office will present an audioconference, "Are You Ready for HIPAA?" on Thursday, March 20 from 3 to 4 p.m., EST.
ACP-ASIM's HIPAA specialists will outline what practices should be doing and answer questions. The audioconference costs $30 per phone line for members, and any number of practice personnel may listen on a single line. The first 25 members to call will receive free registration.
To sign up, call ACP-ASIM Customer Service at 800-523-1546, ext. 2600, or 215-351-2600 (9 a.m. to 5 p.m., EST).
Annual Session. "HIPAA's Requirements and Impact, Plus Tools to Help You Comply" will be offered at Annual Session in San Diego on Sat., April 5 at 1:45 p.m. Information about this and other Annual Session courses is available online.
Internist Archives Quick Links
New Leadership Webinars
The ACP Leadership Academy is offering FREE webinars covering the core tenets of leadership, leadership in hospital medicine, finance, and more.
Join ACP Today!
ACP membership connects you with like-minded colleagues and provides access to a variety of clinical resources, practice tools, and ways to earn MOC and CME.