HIPAA Is Not Do It Once and You’re Done

Lea Chatham
Lea Chatham

Guest post by Lea Chatham, Editor-in-Chief, Getting Paid Blog

I remember when the Health Insurance Portability and Accountability Act (HIPAA) passed. I was working for a leading practice management software vendor. Everyone was overwhelmed by what was involved. We developed a huge amount of education and information for our customers. Some people wondered if the healthcare industry could make such a major change.

Today, HIPAA is ubiquitous. Many practices take it for granted. They are not concerned about a breach because they believe they have done everything they need to do. In a recent study by MedData Group of physicians top practice management priorities for 2015, HIPAA didn’t even make the list.

“We instigated HIPPA when it came out, and it is in place and second nature to us,” said Joann Lister, a provider at a family medicine practice in Texas. “We have all worked at the hospital so we had plenty of training on the rules. Our physical space and computers are confidential. Our practice management and EHR software, Kareo, always goes back to login when we are done in a room so the next patient does not see anything. We have limited personnel so it is easier to know that everyone honors the HIPAA rules.”

The question is: Have practices gotten too complacent with HIPAA? With the latest changes to HIPAA in 2014, have they followed through on making changes and updates? The data and experience of industry experts and consultants suggests that there may be a problem with HIPAA compliance.

“The last analysis we did for a practice had 41 pages of regulations that required implementation,” recalled practice management consultant Rochelle Glassman, CEO of United Physician Services. “Most practices do not know what the complete requirements are. They believe that if they have the patients sign the privacy form that is all they need to do. This year there were updates that included the new HITECH Act and the HIPAA Omnibus rule. I can guarantee that many practices have not updated their HIPAA program to include the changes because they do not even know they exist.”

Continue Reading