armds

HIPAA

All new ARMDS employees are required to attend a training session on the Health Insurance Portability and Accountability Act (HIPAA) soon after their start of employment.  Once yearly, all ARMDS employees are required to attend a refresher course on HIPAA that contains any updates on the law.
           
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.  HIPAA has several provisions covering how the healthcare industry handles patient information and claims.  As employees of ARMDS, we are considered “business associates” under HIPAA.  As such, we are responsible for the privacy and security of patient data.  Compliance with the privacy rule became effective on April 14, 2003.  Protected Health Information (“PHI”) includes patient demographic, financial, and medical information.  PHI should be protected and secured at all times whether on-site at a client or in one of our offices.

Practical guidelines to protect patient data include:

  1. Patient information obtained by interview, phone, fax, e-mail, or computer system access is to be kept confidential at all times.
  2. Have a secure system sign-on—no sharing passwords.  Access only the information needed to complete your assigned task.
  3. All files, applications, or bills should be placed in a locked desk or file cabinet at the end of the business day.
  4. Unnecessary documents (outdated applications, old bills, etc.) should be shredded.
  5. Visitors or unauthorized personnel should not have the ability to access protected health information.  Use screen savers and secure protected health information when not at your workstation.
  6. If you are in doubt about the identity of a caller, ask for three (3) or four (4) identifiers to confirm that the caller is entitled to receive information about the patient.  Examples include: patient middle name, patient account number, patient birth date, etc.  If uncomfortable, refer the call to an Assistant Manager or Manager.

In working with our clients, remember that the consent signed by the patient prior to treatment gives us the right to use and disclose protected health information for treatment, payment, and healthcare operations.  Obtaining and filing PHI for Medicaid or Charity Care applications, as well as for accounts receivable functions (billing, follow-up, collections, cash posting), is permitted under HIPAA since we are engaged in obtaining payment.  Also remember that the company is obligated to report any breach of patient confidentiality to the client.  HIPAA violations will result in disciplinary action up to and including termination.