No EMR--What should our HIPAA concerns be?
HIPAA Weekly Advisor, April 5, 2002
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: We are a small rural hospital and we do not have electronic medical records. What areas of HIPAA do we need to be concerned with?
A: Even though you don't have electronic records, you're most likely planning to engage in certain electronic health care transactions. That means even as a small rural hospital, you need to be concerned about essentially all aspects of the administrative simplification provisions of HIPAA.
The transaction and code set standards of HIPAA establish standard formats for certain electronic health care transactions, such as filing electronic health care claims, health care payments and remittance advises, coordinating of benefits, and determining health care claims status. The compliance deadline for these standards is October 16, 2002, but providers that file a compliance plan by that date with the Department of Health and Human Services may seek a one-year extension.
If a health care provider engages in one of the HIPAA electronic transactions, it must use the format developed under these standards. In fact, with limited exceptions, as of October 16, 2003, all Medicare claims for services and supplies provided under both Part A and Part B must be submitted electronically using the HIPAA standard format.
Institutional providers with fewer than 25 fulltime equivalent employees are not required to submit claim forms electronically. So, if a small rural provider files electronic health care claims, it will have to comply with the HIPAA transaction and code set standards.
The privacy standards of HIPAA apply to any health care provider that transmits health information. Compliance with these standards is required by April 14, 2003. These standards cover information maintained or transmitted in any format, including electronic, paper, and oral communications. Therefore, the HIPAA privacy standards reach more than just electronic medical records.
A small rural hospital engaging in electronic standard transactions must comply with all aspects of the HIPAA privacy standards.
Finally, standards governing the security of electronic health information have been proposed under HIPAA. Once these are final, all providers that engage in HIPAA electronic standard transactions will have to follow these regulations.
The bottom line: You have a lot of work to do from a HIPAA standpoint.
This question was answered by Anna L. Spencer, Esq., and William Sarraille, Esq., attorneys with Arent Fox Kintner Plotkin and Kahn, PLLC. (http://www.arentfox.com)
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- Topic: CMS, OESS post new security compliance review information, checklist
- HIPAA Q&A: Level of encryption needed for email
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched