
HIPAA Overview for Small Healthcare Providers

What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the Kennedy-Kassebaum Act, is a sweeping set of federal legislation and regulations created to improve the portability of an individual's healthcare coverage when changing jobs and to promote administrative simplification of health insurance. It will significantly impact the way you administer your practice.

Title I of the law deals with improving health insurance access and portability when changing jobs and became effective in September 1996. Title I of HIPAA has helped over 3 million individuals avoid being impacted by pre-existing conditions when changing jobs.

Title II of HIPAA deals with administrative functions in healthcare practices, including regulations which will greatly impact your practice: standardizing code sets and electronic transactions, establishing privacy and security standards, and standardizing identifiers for healthcare entities.

Who Does HIPAA Affect?
The easiest answer is that virtually all healthcare providers in the United States, regardless of size, are subject to HIPAA regulations. HIPAA applies to all healthcare providers who store or transmit electronic information, either directly or indirectly through a billing service, clearinghouse or other arrangement, to government or private payers, or to other healthcare providers. HIPAA arguably applies even to any healthcare provider that uses the telephone or a facsimile machine to transmit patient data.

Regardless, HIPAA's privacy standards represent the new standard of care regarding patient privacy. Additionally, the bulk of HIPAA's regulations reflect solid business practices as well.

What Happens if I Don't Comply?
HIPAA is the law. Non-compliance carries serious penalties, including:

  • $100 per occurrence, up to $25,000 per standard per year for transaction and code set violations.
  • $100 per incident, up to $25,000 per standard, per year, in civil penalties for privacy standard violations.
  • Federal criminal penalties including:
    • Up to $50,000 and/or one year in prison for obtaining or disclosing protected health information
    • Up to $100,000 and/or up to five years in prison for obtaining protected health information under "false pretenses"
    • Up to $250,000 and/or up to 10 years in prison for obtaining or disclosing protected health information with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.

Enforcement is expected to occur by patient and employee reporting to the Office for Civil Rights within the Department of Health and Human Services. Ignorance is expensive; even the civil penalties can add up quickly. A negligent practice with 1,000 patients could easily incur well over $500,000 in fines in under 12 months.

What Do I Have To Do To Comply?
HIPAA includes three sections with which providers must comply: transactions, privacy and security. Compliance involves:

  • Conducting transactions in a certain way
  • Protecting patient privacy to new, uniform levels and providing patients access to their records
  • Ensuring security of physical and electronic patient records

HIPAA was created to ensure uniformity in the application of transactional, privacy and security standards across the industry. It requires not only that you meet certain standards in these areas, but also that you document your policies, procedures and how you continue to meet these standards for each individual.

When Do I Have To Comply?
HIPAA is already the law of the United States and is in effect today. However, the Department of Health and Human Services has granted a transition period, indicating that enforcement will begin as follows:

  • Transactions - October 16, 2002. A one-year extension was available, but you must have applied by October 16, 2002 to receive it; otherwise, enforcement begins on the original compliance date.
  • Privacy - April 14, 2003
  • Security - To be determined once final regulations are issued later this year.

What Do I Do Next?
The HIPAA regulations cover over 1,500 pages and, even then, do not provide a roadmap to compliance. Those interested in setting up a compliance plan and all of the policies, procedures, job descriptions, forms, and everything else for HIPAA compliance on their own face well over 2,000 hours of work and thousands of dollars in cost.

Thankfully, an easy solution is available. Built just for providers like you, Agent 77's HIPAANow! Toolkit provides training, a comprehensive Guide and Workbook and customer service to give you all the tools you need to make your practice HIPAA compliant. It will still involve a commitment of time and a change in policies and procedures, but the HIPAANow! Toolkit makes HIPAA compliance "easy as A-B-C."

Small providers have an advantage in HIPAA compliance - but they still need to go through the right steps.

Buy the HIPAANow! Toolkit today and get started right away. Contact Agent 77 at 800.294.2556 to order.
