770-670-6840 855-MyTier3 (698-4373)

Medical Practice HIPAA Compliance

HIPAA Compliance

What exactly is HIPAA compliance? In general, the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) require the Department of Health and Human Services (HHS) to adopt national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. To date, the implementation of HIPAA standards has increased the use of electronic data interchange. Provisions under the Affordable Care Act of 2010 will further these increases and include requirements to adopt:
  • operating rules for each of the HIPAA covered transactions
  • a unique, standard Health Plan Identifier (HPID)
  • a standard and operating rules for electronic funds transfer (EFT), electronic remittance advice (RA), and claims attachments.

In addition, health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules.

Are you HIPAA compliant? Would you know if you were not HIPAA compliant? Below are a few tips to become HIPAA compliant.

How to be HIPAA Compliant

  • Check all your electronic safeguards, including network encryption, anti-virus software and email encryption. This is likely the most important part of HIPAA compliance because hackers seek out weak or unprotected networks. Have a security risk analysis performed yearly on your network.
  • Ask patients to sign forms specifying who is and is not allowed access to their records beyond the standard of doctors and insurance companies. This could include family members, employers or friends whom they trust to view their information.
  • Verify authorization and identity before releasing information to any person or company. Ask security questions or for personal information such as social security number and date of birth to ensure you are speaking to the correct person. If a form is emailed or faxed authorizing the release of records, check the patient’s signature against the signature on the form to ensure they match.
  • Check to see what type of information the person or company is authorized to receive. Health insurance companies are usually authorized to receive all information, while a patient may only want a family member to have access to certain parts of their medical information.
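The last two tips describe a release-of-information check: verify the caller's identity, confirm the requester is on the patient's signed form, and release only the sections that form allows. The following is an added example of that check, written for this page and not code from Tier3 or from any HIPAA guidance; the patient, the parties, the record sections and the verification answers are all constructed placeholders. The verification answers are stored as salted hashes and compared in constant time, and every request is written to an audit list whether or not anything is released.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

# Sections a record is divided into for scoped disclosure (constructed for this example).
ALL_SECTIONS = frozenset({"demographics", "billing", "diagnoses", "medications", "mental_health"})


def _fingerprint(value: str, salt: bytes) -> bytes:
    """Salted, slow hash of a verification answer so the stored copy is not the raw SSN/DOB."""
    return hashlib.pbkdf2_hmac("sha256", value.strip().lower().encode(), salt, 50_000)


@dataclass
class VerificationAnswers:
    """What the practice keeps to check a caller: salted hashes, not plaintext identifiers."""
    salt: bytes
    ssn_last4: bytes
    dob: bytes

    @classmethod
    def enroll(cls, ssn_last4: str, dob: str) -> VerificationAnswers:
        salt = os.urandom(16)
        return cls(salt, _fingerprint(ssn_last4, salt), _fingerprint(dob, salt))

    def matches(self, ssn_last4: str, dob: str) -> bool:
        # Constant-time comparison; both answers are checked even when the first one fails.
        ok_ssn = hmac.compare_digest(self.ssn_last4, _fingerprint(ssn_last4, self.salt))
        ok_dob = hmac.compare_digest(self.dob, _fingerprint(dob, self.salt))
        return ok_ssn and ok_dob


@dataclass
class DisclosureDirective:
    """The patient's signed form: which parties may receive which sections of the record."""
    patient_id: str
    verification: VerificationAnswers
    authorized: dict[str, frozenset[str]]  # party -> sections that party may receive


@dataclass
class ReleaseDecision:
    granted: frozenset[str]
    denied: frozenset[str]
    reason: str


def authorize_release(directive: DisclosureDirective, requester: str, ssn_last4: str,
                      dob: str, requested, audit: list) -> ReleaseDecision:
    """Decide what, if anything, may be released. Nothing is released on a failed
    identity check or an unlisted requester, and every request is logged."""
    requested = frozenset(requested)
    if not directive.verification.matches(ssn_last4, dob):
        decision = ReleaseDecision(frozenset(), requested, "identity_not_verified")
    elif requester not in directive.authorized:
        decision = ReleaseDecision(frozenset(), requested, "requester_not_authorized")
    else:
        allowed = directive.authorized[requester]
        decision = ReleaseDecision(requested & allowed, requested - allowed, "scoped_by_directive")
    audit.append({"patient": directive.patient_id, "requester": requester,
                  "requested": sorted(requested), "granted": sorted(decision.granted),
                  "reason": decision.reason})
    return decision


def sample_directive() -> DisclosureDirective:
    """Constructed sample: a hypothetical patient who lets the health plan see everything
    but limits a family member to demographics and billing."""
    return DisclosureDirective(
        patient_id="PT-EXAMPLE-001",  # placeholder identifier
        verification=VerificationAnswers.enroll("1234", "1980-05-04"),  # placeholder answers
        authorized={
            "Example Health Plan": ALL_SECTIONS,
            "Jane Example (sister)": frozenset({"demographics", "billing"}),
        },
    )


if __name__ == "__main__":
    log = []
    directive = sample_directive()
    # Family member asks for more than the form allows: only billing is released.
    print(authorize_release(directive, "Jane Example (sister)", "1234", "1980-05-04",
                            {"billing", "mental_health"}, log))
    # Wrong date of birth: nothing is released, but the attempt is still logged.
    print(authorize_release(directive, "Jane Example (sister)", "1234", "1999-01-01",
                            {"billing"}, log))
    for entry in log:
        print(entry)
```

The audit list is the piece most often forgotten: a denied request is as useful to the yearly risk analysis as a granted one, because a run of "identity_not_verified" entries against one patient is what a social-engineering attempt looks like from the defender's side.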

HIPAA compliance is a very serious matter. If you have any questions, please contact our Security Department at 855-698-4373.