|
2006: As a continuous proof that states' laws are changing to comply and match HIPAA law, California introduced AB 3013 (Koretz) Medical Information: Disclosures. This bill strengthens patient confidentiality laws by conforming California law to provisions of HIPAA. It limits the release of patient information, provides the patient the opportunity to prohibit such a release, and permits the health care provider to make judgments regarding releases in emergency situations.
2006: As of mid 2006, about 20,000 grievances, primarily regarding disclosures, have been filed and investigated by HHS. The most common allegations have been that personal medical details were wrongly revealed, information was poorly protected, more details were disclosed than necessary, proper authorization was not obtained or patients were frustrated getting their own records. So far the feds have been investigating only as a response to filed complaints and do not conduct their own inspections.
2006: As of 2006, the feds continue to take an educational corrective approach to HIPAA in dealing with those who violate the law. As long as there is no clear criminal or malicious intent or intentional disregard for HIPAA law, they seem to work with the violators to fix the problem. HHS would like to see “reasonably diligent efforts to understand and comply with HIPAA rules.” Merely stating that one did not know s/he was in violation would not be an adequate defense. As far as clinicians are concerned, basic HIPAA knowledge and basic forms, such as the simple form, HIPAA Notice of Privacy Practices, and basic computer protections (firewall, password, virus protection, etc.) probably provide a basic indication that an attempt to be compliant was made. See below for compliance list.
2007: National Provider Identifier (NPI):
-
As part of mainstreaming the process of electronic claims, HIPAA mandates that all individual practitioners, who are covered entities, should obtain a National Provider Identifier by May 23, 2007.
-
The use of standard identifiers is one of HIPAA’s key elements, and I recommend that all therapists obtain an NPI.
-
The NPI is a 10-position numeric identifier for each provider or therapist and is akin to a Social Security Number or an Employer Identification Number.
-
All insurance companies dealing with therapists will use this single NPI for each therapist.
-
Psychotherapists in private practice will receive their own NPI, as any other health care provider does. But, practitioners who are employed by clinics, agencies and counseling corporations will use the NPI that the organization has been assigned.
-
Covered Entities, under HIPAA, will have until May 23, 2007, to obtain their NPI, as they will be mandated to use their NPI in all covered transaction by the 2007 deadline.
-
Therapists who receive reimbursement from Medicare or other federal or state programs, such as Federal Employee Health Benefit Plans or Victims of Crime, should consider getting an NPI sooner rather than later, regardless of whether they submit claims electronically or by mail.
-
Any therapist who deals with insurance companies, whether electronically or not, is likely to benefit from having an NPI, which will become the standard identifier for practitioners.
-
While covered entities must obtain the NPI, a therapist, who is not a covered entity, may also obtain it (in fact is highly advised to do so).
-
Obtaining an NPI does not turn a therapist, who is not a covered entity, into a covered entity.
-
Once a therapist is assigned a number it will stay with him/her for life. It would be de-activated only when the therapist retires or dies.
-
To apply: http://www.cms.hhs.gov/NationalProvIdentStand/03_apply.asp. It takes about 10 minutes to complete the online application.
2007: The New HIPAA Enforcement Rule: A new HIPAA Enforcement Rule explains the circumstances under which a therapist could be held responsible for HIPAA violations by their employees, members of their workforce, trainees or business associates, such a billing service or accountant. Some ways to protect oneself is to have good training for employees and other members of the work force and solid Business Associate Contracts with billing services and other business associates. Therapists will not be protected if they are aware that their business associates are violating the privacy or security obligations under their contracts and fail to take reasonable steps to remedy the problem. Generally, being prudent and attentive to HIPAA rules can help avoid the HIPAA wrath even when one makes some understandable mistakes and takes reasonable steps to correct the situation. The entire text of the enforcement rule, including ways that therapists may defend themselves, is available at http://www.hhs.gov/ocr/hipaa/FinalEnforcementRule06.pdf.
2008: Stolen Laptops and HIPAA - New HHS Enforcement Effort: In one of the few enforcements of HIPAA by Health and Human Services so far, a Seattle company that provides home health care services has been forced, in mid 2008, to pay a $100,000 settlement because laptops, disks and tapes containing individuals' health records were taken from company employees' cars on 5 occasions in 2005 and 2006. (To read more about the case, click here. The agreement seems to signal that HHS is finally taking a tougher stance toward violations. This may have started a shift from the education approach they have taken so far to an enforcement mode. This HIPAA enforcement action suggests that psychotherapists who carry patient records with them are at risk for security violations and may be held legally and ethically accountable for security and privacy breeches. See also Transporting Confidential Clinical Records in Laptops: Heads up to Psychotherapists & Counselors.
|
|
|
To receive clinical and practice updates, add your name to our confidential e-mail list.
CLICK HERE
Online Courses
Live Workshops -
Forensic & Expert Witness Services -
Consultations for Therapists
Private Practice Handbook -
HIPAA Compliance Kit -
Clinical Forms -
Home Study Courses -
CE Info
Online Catalog -
Free Articles -
Boundaries & Dual Relationships -
General Public Resources -
Articles For General Public
Home -
Contact Us -
About Us -
FAQ -
Privacy, Disclaimer - Terms of Use -
ADA Policy & Grievance -
CV -
Site Map
ZUR INSTITUTE, LLC
Ofer Zur, Ph.D., Director
|
Sonoma Medical Plaza, 181 Andrieux Street, Suite 212, Sonoma, CA 95476
Phone: 707-935-0655, Fax: 707-935-3918, E-mail: info@zurinstitute.com
|
| |
|
© 1997-2008 Zur Institute, LLC. All rights reserved. Privacy Statement, Disclaimer & Terms of Use Site design/maintenance by R&D Web
|
|
 |
