HIPAA Compliance For Acupuncturist
Dr. Ya-Wen Cheng, DC. L.Ac. & coordinated by KC Chen
up to 10 units of continue education credits available
California Acupuncture Board & NCCAOM
California CEP# 418 & NCCAOM ACHB# 184-001
|Distance Education:||CD-ROM training with Sample Reference Manual, Sample Policy Manual & ALL the required Forms.|
Aetna Mandates Electronic Claims Submission
Aethna is the first major private insurance carrier to mandate HIPAA compliance.
The only real question left to be answered is to what extent doctors will be required to demonstrate their HIPAA compliancy. Will the insurance company audit their provider to confirm the level of compliancy?
To register now, Call (626) 695-1200
What is HIPAA?
HIPAA is short for "Health Insurance Portability and Accountability Act of 1996". Final privacy regulations were issued by the US Department of Health and Human Services for the HIPAA on August 14, 2002. HIPAA is the law right now. On April 14, 2003 penalties will be imposed to enforce compliance with the law.
update! The HIPAA laws affect ALL healthcare provider. No one is exempt from this law even if you have a pure cash practice (more details on the changes). For another word, HIPAA will forever change the way all health care providers do business.
HIPAA defines that the information in client files belongs to the client, not the practice and MUST be protected. HIPAA will cause sweeping changes in the way that information is handled and protected both manually and electronically.
How does HIPAA affect my practice?
Here are some of the rules that affect acupuncture profession:
1. The HIPAA Privacy Rules require certain specific methods of handling the protected health information (PHI) of clients. On April 14, 2003, these changes must be implemented. Fines, penalties and possible jail time can be imposed for non-compliance.
HIPAA doesn't stop there. It also requires new procedures regarding patient
access to their information. And the practice must notify each patient of these
rights with a "Notice of Privacy Practices." This notice must include the
patient's rights, the practice's HIPAA policies and the address of where to
2. The HIPAA Security Rules require specific methods of handling Electronic transmission of data. Meaning if your practice transmits any patient information to anyone else you fall under the HIPAA rules. If your practice currently does not transfer information electronically, on October 16, 2003 you will have to. On October 16, 2003 Medicaid and Medicare require all claims to be submitted electronically. Therefore, if you are not a cover entity now, by then you will be.
HIPAA will require changes to how an office operates. While it's very likely
that you already have some privacy and security measures in place, HIPAA
requires that you document those policies and procedures. And it requires that
your employees be trained in the HIPAA law and the policies & procedures of your
Business Associates need to demonstrate "HIPAA Compliance" by going through the
same processes that a covered entity must. This means
setting up a manual for HIPAA policies & procedures and training employees (if
What are the penalties for none compliance?
April 14, 2003, the penalties will be imposed. The fines are large enough to put
a practice out of business. For a simple violation, such as not documenting
release of protected health information in every client file affected, the fine
is $100 per standard violated, per client per year. The maximum fine per
standard violated is $25,000 per year. For the misuse of patient data the fine
could be $250,000 plus 10 years of jail time.
Is it easy to comply ?
How much will it cost to comply?
To comply with this new law is easy. The costs of compliance are relatively low. To comply with the new law, the majority of changes will be in the procedure the physicians, their staffs, and the business associates handle, exchange, and store the patient information (i.e., it is all about behavior & procedure changes).
What if I do not wish to comply?
HIPAA compliance is not an option. HIPAA is the law right now. All covered entities must be compliant by April 14, 2003 or face the penalties imposed.
Some Common misunderstanding about HIPAA? update 07-24-03!
1. My practice have less than 5 million dollars of gross income, I am exempt from complying.
3. I do not do electronic billing. Therefore, I am exempt from HIPAA.
4. I have a 100% cash practice. Therefore, I am exempt from HIPAA.
The first four items are some of the most often-quoted
4. HIPAA compliance is only relevant to the doctor - Actually, HIPAA's passage was intended in large part to address the protection of patients' rights. The privacy and security components of HIPAA are not so much about how you practice, but how you protect your patients' rights to privacy and the security of their information
5. Other providers will refer to me even though I'm not HIPAA compliant - Once other health care providers learn you are not HIPAA compliant, they are prohibited from referring patients to you and discussing patients with you without specific written authorization.
6. I don't have to do anything to be HIPAA compliant; my office software vendor says I'm already HIPAA compliant because its software is - While having HIPAA-compliant office software is important, it doesn't make your office compliant. You are required to abide by all of the other HIPAA requirements noted in this article.
7. My state laws have no effect on my HIPAA compliancy - You are required to consider the HIPAA laws and your state privacy/security laws, and abide by whichever are stricter. You must be aware of both as you make your office HIPAA compliant.
8. My office doesn't need its own compliance manual - The HIPAA laws state clearly that your office is required to have "formal documented procedures" specific to your practice. These must include "core elements" of the HIPAA law, documented "required elements" and documented "implementation requirements," as they apply to your practice. Your practice needs to have a list of the HIPAA requirements and how your office procedures comply with those requirements. This information must be documented in your compliance manual.
9. My office doesn't have to have a privacy officer - Establishing a privacy office is not only required by HIPAA, but is necessary to ensure the privacy of your patients' health information.
10. All I need to do is use the right HIPAA forms to be HIPAA compliant - The right forms are important, especially when revealing private patient information to others (such as personal-injury attorneys). However, just having the right forms doesn't satisfy the other HIPAA requirements listed in this article, and it doesn't make your office HIPAA compliant.
11. My vendors don't have to provide my office with proof of HIPAA compliance - Besides other treating entities, every person and company you send or share patient health information with must sign a business associate agreement and possibly a "chain of trust" agreement that requires them to comply with the HIPAA privacy regulations. It is your responsibility to be certain they are implementing the HIPAA privacy standards before you share patient health information (PHI) with them.
12. I just need to know about HIPAA, I don't have to do anything else - This is one of the worst misconceptions about HIPAA, and the most likely to lead the doctor into situations that could result in disciplinary action. Knowing about HIPAA is not enough. The HIPAA privacy and security requirements must be implemented into the doctor's practice as part of standard procedures utilized in the care of patients.
13. No one will ever check to see if I am HIPAA compliant - Every vendor; payer; malpractice insurance company; personal-injury attorney; hospital; and health care provider is required to be HIPAA compliant, and most of them will require you to be as well. You will be asked to sign a "Business Associate Agreement" to demonstrate you are HIPAA compliant. Signing this agreement without being HIPAA compliant is fraud.
In addition, the Office of Civil Rights has been assigned to investigate violations of HIPAA requirements. They have already instituted an online complaint form and severe civil and criminal penalties, with fines as high as $250,000 per occurrence. Disgruntled former employees, embarrassed patients and attorneys are expected to file most of the complaints against providers.
How easy is it to face a HIPAA audit?
ANYONE (include people never been to your practice) can turn a practice in!
Ever had an unhappy employee leave, or experience the anger of a dissatisfied patient?
One simple call or post card can bring any practice to the attention of the
Health and Human Services' Office of Discrimination and put you under an audit
We will address issues specific to the Acupuncture
Open Room Treatment Area
Appointment Reminder Calls
Leaving Messages on Voice Mail
Working with other Professionals
To register now, Call (626) 695-1200