The Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy regulations have extensive impact on healthcare organizations, including health plans, providers and clearinghouses. These requirements affect the organization structure and procedures, physical accommodations, and technical equipment and capabilities.

Our compliance programs are designed to ensure your health care organization is compliant with complex government and third party fraud and abuse regulations. Coding and chart analysis review code usage and documentation to optimize revenues while avoiding costly penalties and maintaining compliance. The Billing Office consultants and network engineers can assist you with these significant areas of regulation:

• Disaster Recovery Planning: Including periodic backup of data, critical facilities availability and disaster recovery procedures.
• Identifying Security Risks Related to Standards for Health Information: Determining level of access to healthcare information and providing training to all practice staff members about privacy and security procedures.
• Physical/Administrative Procedures & Training: Securing workstations and storage media, keeping records of authorized access and implementing workstation policies, patient data encryption and regular backup of data. Designating a privacy official to oversee the confidentiality and security procedures.
• Maintaining Written Policies and Procedures: Documenting compliance of HIPAA rules and making these available to all personnel. Implementing chain of trust agreements with partners with whom the practice exchanges healthcare

Our experienced team of professionals can help your organization develop and implement HIPAA Compliance through cost-effective operational improvements. The Billing Office will provide you with the following engagement deliverables:

• Detailed Status Report
• Matrix of IT gaps needed to populate the data elements
• Identification of areas of organizational deficiencies and vulnerabilities
• Implementation of timeline matrix, work plan, and detailed cost assessment

HIPAA has created an opportunity for the healthcare industry to move from paper claims transactions to electronic transactions using one national standard format. In order to comply with HIPAA, providers must update their systems or outsource their billing needs to professional medical billers.

The Billing Office is committed to complying with these national standards to protect individuals’ medical records and other personal health information. We continually update processes to promptly meet compliance requirements.

Transactions and Code Sets Requirement: The Transactions and Code Sets Requirement was first on the priority list. The final date was October 16, 2003. The following procedures were performed.

Assessing internal management information system to meet Transaction Standards & Code Set requirements
Close communication with our software vendor
Completed the operational assessment phase of the implementation strategy
Completed the software development & installation phase
Testing started on April 14, 2003
Completed by Oct 16, 2003

Privacy: Privacy was the next concern with the compliance date April 14, 2003. Initial training and ongoing training workshops have been conducted within our organization. Complying with the Privacy sections, Risk Assessments, Protected Health Information (PHI) Data Flow Maps, and Gap Analyses have been performed. In addition, HIPAA Policies and Procedures have been developed and implemented. The following activities were completed with some ongoing:

Conducted Overview HIPAA Training
Ongoing HIPAA Training Workshops
Performed Risk Assessments
Mapped the flow of PHI
Created HIPAA Policies
Documented HIPAA Procedures to meet requirements
Reviewed Business Associate Contracts and provisions

Security: The final Security rule adopts standards for the security of electronic PHI to be implemented by covered entities. Under the Administrative Safeguards, a covered entity must implement policies and procedures to prevent, detect, contain, and correct security violations. Compliance date is April 21, 2005, with the exception of small health plans that have April 21, 2006 compliance date. THE BILLLING OFFICE is in the process of complying with the Security Regulations by performing the following: Modifying facilities to meet Physical Workstation Security Requirements (i.e., office dividers around desks containing PHI), Assessing internal network security and other technical requirements

Unique Health Identifiers: UNIs are a necessary element to the national standardization of healthcare transaction automation. Under the HIPAA provision are identifiers for employers, providers, health plans, and individuals. Of these the employer, and provider have been finalized, and dealt with internally. The health plan, and individual, along with electronic signature regulations are not finalized at this time however; we continue to monitor the progress toward this end.

HIPAA Readiness Statement and Assurance of Privacy

The Billing Office is fully compliant with HIPAA guidelines. We:

1. Provide appropriate security for our client's patient records.
2. Protect the privacy of patient's protected health information.
3. Provide our client's patients with proper access to their billing records.
4. Appropriately maintain our client's patient information and billing processes in compliance with national standards.

For a detailed HIPAA Readiness Statement, or for more information about our assurance of patient privacy or our commitment to compliance with all Federal and State regulatory guidelines, please contact call and ask for our Corporate Compliance Officer.