H IPAA compliance is a reality for all chiropractic offices.... even cash practices, while they MAY BE exempt from many of the electronic audits and regulations, they still have to abide by the 'privacy laws' relative to HIPAA. The first person an auditor or investigator from the O.I.G. (Office of the Inspector General) will ask for is the Compliance Officer. That makes sense... as they need to know who to speak with that has knowledge of the facts they seek from your clinic! If you don't have a named, documented and trained Compliance Officer in your office, you can prepare yourself for the fines to start accruing! Lack of an appointed compliance officer will indicate to the auditors/investigators that you are not even trying to follow the most basic of the required 'self-policing' laws under HIPAA. So, what can you do to prepare your office and prevent fines? Understand the regulatory challenge we face as a profession. Get a compliance program in place - it will always be evolving, so don't expect an 'end point' where you breathe a sigh of relief and say, "done at last"—this is an ongoing, dynamic program that can actually build the practice while meeting requirements, if done correctly. Get help if you need it. It might be a bit time consuming to get a program in place, especially if you have to research all the many components on your own, but once in place it should only take a few hours per quarter of the year to maintain. • Stay aware of the many 'missed' areas forwhich people are fined. The regulatory challenge we face: The Chiropractic profession is a TARGET! Officials of HIPAA , Medicare and the O.I.G. have decided chiropractors and certain other specialists, have ignored becoming compliant for too long, therefore deficiencies in compliance will be considered 'willful' in many cases. This is the reason these government agencies have brought the Justice Department into the fold to enforce criminal prosecution when there are findings of fraud. Therefore prosecution can be a risk in addition to the new minimum fines of $50,000 and up to $250,000. As recent as May 2, 2012 the task force seized documents, filed charges against 107 suspects and suspended payments to 52 providers -in one day-across the U.S.A. Martha McKinney, C.O.O. of HIPAA Compliance Services, was a senior medical claims auditor for a major insurance company where she worked with HIPAA since its inception in the late 1990's. She has gone through recent training for the auditors being used to enforce these new rules, initiatives and government strike force plans. She continues to participate on 'update' committees and periodically agrees to function as a senior auditor relative to an investigation and therefore, is privy to first hand information regarding what is actually happening relative to enforcement. (By the way, the Office of the Inspector General (O.I.G.) is the enforcement arm for HIPAA and MEDICARE and they have now stated, to the auditors, that "when you find a problem in one area, check out the other". This 'crossover' creates even more problems.) One huge area of concern for chiropractors, that Martha points out, is the Medicare law that mandates that YOU must find YOUR own billing errors and RETURN THE MONEY PAID TO YOU BY MEDICARE, IN ERROR, WITHIN 60 DAYS or YOU have the potential of being charged with fraudulent billing. EMR systems make it even easier to find information that can lead fines, reports to the board and / or criminal charges. (This is mainly concerning chiropractors continuing to bill for adjustments after they have become 'maintenance' adjustments, per Medicare definition of maintenance-not chiropractic definition-and then failing to issue an ABN correctly and alter billing coding correctly. This results in receiving money you are not entitled to under the Medicare system- this then bleeds into HIPAA. Staying up with HIPAA and its required ABN audit actually helps you 'tighten up' this area of office procedure and avoid fines and criminal prosecution). Our intent is not to scare doctors and their staff, it is to prepare them and cause them to take action. So, what action can be taken? First we have to debunk the myths that stops action! The belief by many that HIPAA compliance is accomplished in your office as long as you have 'some kind' of release form, to be signed prior to releasing patient records and you don't leave patient information (like patient charts) laying around the office keeps you safe... and then there is the Myth that if you have a certified EMR system you are HIPAA compliant - nothing could be further from the truth! Compliance programs are multifaceted and have many required components. The 'starting point' of a compliance program is to have someone in charge- in fact it is required you have that person named, documented by date and signature, a 'posting' recorded and a job description signed. While there is not a requirement of a specific format to a HIPAA compliance manual, we do highly recommend you create a manual, as a separate item from your policy procedure manual-it just makes sense to have a central organizational source to store your required yearly internal audit results (ABN, Claim Denial, Clinical File and HIPAA system audits), the eight required release forms, confidentiality statements for employees and outside businesses that might have access to your files (janitorial services, repair people, etc.), training documentation, recorded corrective actions, privacy posting templates, physical plant improvements , etc.. Get going! Most offices can have a compliance system in place within 90 days with an expenditure of one hour per week (obviously this time frame can be accelerated with longer focuses of time) and it will only take a few hours per quarter of the year to maintain the program once initiated. If you need help it is available. Many state associations provide seminars and webinars relative to HIPAA compliance. You can go to each government agency website and start digging out the information you need to create a program.. You can purchase training systems... make sure they are current! You can get assessed for risk. There are professionals who can come on site and put your program together for you- for those who can afford it, are having major prob lems or want it done fast without burden on staff. You can never be 100% compliant, so it is even more critical you do all you can as quickly as you can. Dr. Ty Talcott and Martha McKinney are leading experts in regulatory compliance and run HIPAA Compliance Services (www.hipaacomplianceservices.com). They have been instructors for many Chiropractic Association webinars, license renewal conventions, and cosponsored seminars. They provide training systems and free HIPAA scores for risk assessment. They can be contacted by phone at 866-433-1746, by e-mail at [email protected], orthrough their website at: www.hipaacomplianceservices.com
