[ Friday, October 18, 2002 ]
At our internal HIPAA meeting on Tuesday, Amy Reddell, one of the lawyers on my HIPAA team, asked, "Now that the deadline for extensions has passed, what do we tell our clients when they call in panicked, wondering what they should do?" We kicked that around, and basically determined that covered entities that did not file for the extension have 3 options: become compliant, hire a clearinghouse that is compliant, or go bare.
Remember, the only thing that you must be in compliance with now is the Transaction and Code Set requirements. In other words, you can't submit bills or check on the status of payment (or do any of the rest of the 9 transactions for which specific forms and formats have been adopted) in electronic format unless you use the new forms or have filed for the extension. You can "use the new forms" without using them if you have a clearinghouse working for you. Check with your billing company if you have one; you may be all right there.
We called most of our clients to make sure they had filed for the extension. Of all of my clients, there was only one that had not filed, and they had determined that their new billing and coding system was fully compliant with the Transaction and Code Set regulations. They were using only the standard transaction forms and content, so they saw no need to apply for the extension. That is Option 1. Is Option 1 best for you? It really depends on whether you can change your billing and coding software so that you can comply.
If you didn't file for the extension, your next bet for becoming compliant is to use a clearinghouse, or Option 2. A clearinghouse, by definition, is a company that helps a covered entity complete a standard transaction by translating data formatted in existing or legacy systems formats into HIPAA-standard formats. A clearinghouse's job is to make you HIPAA compliant. If you are currently using a billing company, check with them to see if they are doing the proper translating for you. If they are, you are HIPAA compliant as it is. Of course, you need to make sure that the billing company knows what they are doing, and that your employees are capturing the information needed by the clearinghouse to fully fill out a HIPAA-compliant form.
Now, if you don't choose Option 1 or Option 2, you can try to fly under the radar screen. I don't recommend this. While I would be very, very surprised to ever see anyone in jail for a HIPAA violation that did not involve the sale of private information to a tabloid or the improper use of the information for marketing purposes, jail time is a possibility, as are substantial financial penalties. Additionally, anyone can file a complaint about you if you are not HIPAA compliant, and you cannot retaliate against a person who files a complaint. That person could be an unhappy patient who doesn't want to pay his bill or an unhappy employee who wants to prevent you from being able to fire her. Furthermore, if there ever is a breach of patient privacy, no matter how accidental or innocuous, if the patient sues you, you will automatically lose the case if you are not HIPAA compliant. The collateral damage of non-compliance would likely be much worse that any penalties.
Jeff [8:59 AM]
Blogger: HIPAA Blog - Edit your Template