One vital component for your holistic practice’s success is maintaining HIPAA compliance because it protects patient information, secures your operations, and prevents the chance of a breach that can greatly impact your practice’s reputation. We’ve compiled this comprehensive HIPAA cheat sheet to help you further understand this important legislation and how it pertains to your holistic practice.
The Health Insurance Portability and Accountability Act was signed into law on August 21, 1996. This vital piece of legislation created national standards to protect sensitive information regarding patient health from being shared or disclosed without the patient’s knowledge or consent. Basically, HIPAA prevents personal health information (PHI) from being discussed without the patient’s awareness and fortifies a patient’s privacy.
In addition to securing patient privacy and health information, HIPAA legislation aimed to prevent fraud and waste while also promoting medical savings opportunities across the healthcare industry as a whole. For example, certain tax breaks were established in this Act.
In 2009, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed, which establishes technological compliance requirements in alignment with HIPAA practices. This Act encourages the implementation of electronic health records to secure patient information and features the Breach Notification Rule stating that breaches exceeding 500 individual records must be reported to the Department of Health and Human Services’ Office for Civil Rights (OCR).
The latest legislation related to HIPAA was the Final Omnibus Rule, approved in 2013. The purpose of this Rule is primarily to refine HIPAA definitions and include compliance requirements for new pieces of technology, such as mobile devices.
Besides protecting your patients’ information and safeguarding their privacy, HIPAA provides some administrative benefits to your holistic practice. Encouraging the transition from paper to electronic health records streamlines your practice and allows for more collaboration with other providers pertinent to your patients. Plus, all HIPAA-covered entities must utilize the same set of codes, so communication from one practice to another organization is further streamlined for efficiency.
Let’s break down some of the most essential components of HIPAA for your holistic practice’s reference:
Personal health information, known as PHI, can take on a variety of forms that are all relevant to following HIPAA compliance. Here are the 18 types of information that are considered protected health information (PHI) under HIPAA:
ePHI, or electronic personal health information, simply refers to PHI that is transferred, accessed, or stored electronically. The same protections apply across PHI and ePHI.
Since PHI can be present in a variety of fields and formats, there are multiple types of individuals and organizations who must comply with HIPAA guidelines as they come across it, including:
The ultimate aim of HIPAA legislation is to protect sensitive patient information across all platforms, so it’s vital that all parties follow HIPAA regulations when applicable.
The Privacy Rule essentially dictates that sensitive information is only used or disclosed with appropriate safeguards in place. It also stipulates that patients have rights to access their personal health information, obtain a copy of their records, authorize the communication of their records, and more.
Proposed in 1998 by the Department of Health and Human Services, and later ratified in 2003, the Security Rule sought to improve the security of a person’s health information that is shared between authorized parties, such as healthcare providers, health plans, and other pertinent organizations.
The Breach Notification Rule was officially adopted in September 2009 and stipulates that any breach of electronic personal health information exceeding 500 individual records must be reported to the OCR and that each individual must be alerted to the breach, as well.
A breach is defined in HIPAA section 164.402 as:
“The acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.”
When a breach occurs, the business or organization affected must determine the severity by considering what type of information was involved and who potentially saw this information, and by evaluating the risk of the incident. From there, the organization can proceed with either patient notification—if the incident qualifies as a breach—or further risk mitigation.
There are also three exclusions to what counts as a breach:
The Omnibus Rule is the latest piece of legislation to be associated with HIPAA. Taking effect in 2013, this Rule updates some definitions contained within the original act and expands the liability of businesses for not being HIPAA compliant. It also further protects patient information since it requires businesses to adhere to the Privacy and Security Rules, which strengthen security measures when handling PHI and ePHI.
The experts here at Holistic Billing Services are HIPAA certified to handle your patients’ personal health information while streamlining your overall revenue cycle with excellent medical billing and coding processing. Your success is our success, and we offer a range of services to partner with your holistic practice including medical billing, consultation services, and more!
Our expertise is rooted in professional, technical, and global billing for hospital and stand-alone holistic care practices. To learn more about how outsourced medical billing with Holistic Billing Services can empower your practice, contact us today. We’ll work with you to build a customized solution that meets the specific needs of your practice and allows you to get back to treating patients.