HIPAA compliance: It’s an obligation healthcare facilities like yours are very familiar with, and yet its rules still cause confusion. With changes brought about by the rise in technology, it’s even tougher to get HIPAA right—and yet the cost of mistakes is only rising. Could your practice weather a HIPAA audit unscathed?
In his latest webinar on the topic—“HIPAA Enforcement by States & HHS”—consultant Jim Sheldon-Dean discusses the recent enforcement crackdowns at both the federal and state level, teasing out lessons learned to help you survive a HIPAA audit. Plus, Sheldon-Dean offers tips about how to use the Health and Human Services (HHS) HIPAA Audit Protocol as a survival guide.
E-Claims Must Follow HIPAA Title II
Your practice probably has at least one training per year on the Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996. As tedious as such courses can be, keep in mind that security risks to electronic health records (EHRs) are on the rise and one small slip-up can lead to big losses.
HIPAA is broken into Title I and Title II. Title I mostly addresses how providers interact with patients. Title II — which outlines regulations and standards for electronic transactions — is especially important for medical coders, billers, and healthcare administration professionals to get right.
Since your claims are often electronic, they are not immune from HIPAA. So HIPAA compliance should play a huge role in your billing processes. In fact, HIPAA mandates that claims adhere to a certain standardized format. And Title II not only outlines rules to follow, but also describes what sorts of consequences should be issued for noncompliance.
HIPAA Audits and the HITECH Act
One way to ensure compliance to Title II is through audits. Ever the dreaded word, audits are a reality. And continually updating your office’s ability to handle them should be a regular, important part of your practice’s compliance strategy.
Compliance checks can come from the federal level—that is, from the HHS’s Office for Civil Rights (OCR)—or from the state level.
You’re probably very familiar with the OCR audits: Part of that agency’s mandate is performing periodic checks to ensure practices are following HIPAA policy rules. But in recent years, state checks have become more common. In 2009, the Health Information Technology for Clinical and Economic Health (HITECH) Act allowed state attorneys general to act on behalf of their citizens when it came to HIPAA violations.
So what does all this scrutiny on your practice mean for you? Nothing more than taking extra care to get your compliance ducks in a row. There are a few proactive steps you can take, such as having the right documentation, and knowing how to use the HIPAA Audit Protocol as a guide.
Audit Defense: Documentation and Protocol
A first line of defense in any audit is documentation. In terms of HIPAA, this means having frequent HIPAA training for your staff—as well as documentation that these courses were completed. It also means establishing appropriate protocols, conducting annual risk assessments, documenting assessment findings, and taking (and documenting) corrective action.
More: A savvy practice will know how to use the HIPAA Audit Protocol as a guide in compliance efforts. The protocol explains the nitty gritty—such as what documentation is required of which entities, how to submit each document, and what document formats to use.
Don’t let an audit requests catch you by surprise, Sheldon-Dean warns. He offers clear guidance on how to be proactive and prepared in his webinar: “HIPAA Enforcement by States & HHS: Get Ready to Respond to Your State’s Attorney General & the Office for Civil Rights.”