HIPAA Overview for Small Healthcare Providers
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), also known as the
Kennedy-Kassebaum Act, is a sweeping body of federal legislation and regulations created to
improve the portability of an individual's healthcare coverage when changing jobs and to
promote administrative simplification of health insurance. It will significantly impact the
way you administer your practice.
Title I of the law deals with improving health insurance access and portability when changing
jobs and became effective in September 1996. Title I of HIPAA has helped over 3 million
individuals avoid being impacted by pre-existing conditions when changing jobs.
Title II of HIPAA deals with administrative functions in healthcare practices, including
regulations which will greatly impact your practice: standardizing code sets and electronic
transactions, establishing privacy and security standards, and standardizing identifiers for
Who Does HIPAA Affect?
The easiest answer is that virtually all healthcare providers in the United States, regardless
of size, are subject to HIPAA regulations. HIPAA applies to all healthcare providers who store
or transmit electronic information, either directly or indirectly through a billing service,
clearinghouse or other arrangement, to government or private payers, or to other healthcare
providers. HIPAA arguably applies even to any healthcare provider that uses the telephone or a
facsimile machine to transmit patient data.
Regardless, HIPAA's privacy standards represent the new standard of care regarding patient
privacy. Additionally, the bulk of HIPAA's regulations reflect solid business practices as
What Happens if I Don't Comply?
HIPAA is the law. Non-compliance carries serious penalties, including:
- $100 per occurrence, up to $25,000 per standard per year for transaction and code set violations.
- $100 per incident, up to $25,000 per standard, per year, in civil penalties for privacy standard violations.
- Federal criminal penalties including:
  - Up to $50,000 and/or one year in prison for obtaining or disclosing protected health information
  - Up to $100,000 and/or up to five years in prison for obtaining protected health information under "false
  - Up to $250,000 and/or up to 10 years in prison for obtaining or disclosing protected health information
    with the intent to sell, transfer or use it for commercial advantage, personal gain or malicious harm.
Enforcement is expected to occur by patient and employee reporting to the Office of Civil Rights within the
Department of Health and Human Services. Ignorance is expensive; even the civil penalties can add up quickly.
A negligent practice with 1,000 patients could easily incur well over $500,000 in fines in under 12 months.
What Do I Have To Do To Comply?
HIPAA includes three sections with which providers must comply: transactions, privacy and security. Compliance
- Conducting transactions in a certain way
- Protecting patient privacy to new, uniform levels and providing patients access to their records
- Ensuring security of physical and electronic patient records
HIPAA was created to ensure uniformity in the application of transactional, privacy and security standards across
the industry. It requires not only that you meet certain standards in these areas, but insists that you document
your policies, procedures and how you continue to meet these standards for each individual.
When Do I Have To Comply?
HIPAA is already the law of the United States and is in effect today. However, the Department of Health and Human Services
has granted a transition period, indicating that enforcement will begin as follows:
- Transactions - October 16, 2002. A one-year extension was available, but you must have applied by October 16, 2002 to receive it; otherwise, enforcement begins on the original compliance date.
- Privacy - April 14, 2003
- Security - To be determined once final regulations are issued later this year.
What Do I Do Next?
The HIPAA regulations cover over 1,500 pages and, even then, do not provide a roadmap to compliance. Those
interested in setting up a compliance plan and all of the policies, procedures, job descriptions, forms, and
everything else for HIPAA compliance on their own face well over 2,000 hours of work and thousands of dollars
Thankfully, an easy solution is available. Built just for providers like you, Agent 77's HIPAANow! Toolkit
provides training, a comprehensive Guide and Workbook and customer service to give you all the tools you need
to make your practice HIPAA compliant. It will still involve a commitment of time and a change in policies and
procedures, but the HIPAANow! Toolkit makes HIPAA compliance "easy as A-B-C."
Small providers have an advantage in HIPAA compliance - but they still need to go through the right steps.
Buy the HIPAANow! Toolkit today and get started right away. Contact Agent 77 at 800.294.2556 to order.