Is Your Chiropractic Business HIPAA Compliant?
Chiropractic offices, like any other medical practice, must be HIPAA compliant. If you’re not, the consequences can be severe. HIPAA regulations can be complex, but with a little know-how you can protect yourself against expensive fines, fees, and legal repercussions.
What is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) protects patients’ privacy when it comes to their health information and medical records. The HIPAA Privacy Rule governs how “covered entities” use and distribute Personal Health Information (PHI).
As a practicing chiropractic office, you are a healthcare provider and thus a “covered entity” under HIPAA. Your patients trust you with personal health information, and HIPAA is designed to safeguard their privacy.
Chiropractors and HIPAA Compliance
Here’s how to make sure you’re in line with all HIPAA regulations, so that you can protect yourself from costly fines:
- Establish written policies and procedures. This is a part of basic HIPAA compliance. Even if you are HIPAA compliant in everyday practice, if you don’t have written policies in place you are not technically HIPAA compliant—and that’s a very costly technicality. Include a defined series of steps designed to protect information and to ameliorate any harm due to unintended violations. Any business associates must also have HIPAA-compliant contracts in writing.
- Use a disclosure form and keep all signed copies on hand. You must also have a written procedure to deal with requests for disclosures of PHI—say, a patient’s husband or child asks for information. If your patient hasn’t given you permission in writing to disclose that information, you’ll be setting yourself up for trouble if you release that information. There are required forms that must be in your HIPAA compliance manual and the correct form must be utilized based on the situation you are handling.
- Designate a “privacy official.” This person should undergo HIPAA training and be responsible for making sure your system is HIPAA compliant. Office managers usually assume this role, but remember that as the proprietor, you’re responsible if your office isn’t fully compliant with HIPAA regulations. Make sure your privacy official knows even the finer points of HIPAA compliance.
- Designate a single person as the “security officer” for all PHI. Personal Health Information, or PHI, is at the heart of HIPAA regulations. Your information system must be secure, and one person should be tasked with maintaining that security. All of these steps must be in writing, signed, and dated, or auditors will deem them invalid and can fine you as if they were not done at all.
- Provide and document HIPAA compliance training. You and your entire staff should go through HIPAA training to ensure that everyone fully understands the way PHI should be handled. Keep records of the training readily available and make sure your systems are up to date with current rules.
- Know and perform the required yearly audits. This is the area where most clinics fall short. You simply must learn how to audit charts and your HIPAA system. The cost of NOT doing it is far too high.
Any chiropractic office that is found to not be HIPAA compliant faces a fine of $50,000-$250,000. Give us a call or fill out our online form for more information on how to make sure your chiropractic office is as HIPAA compliant as possible. No one can ever be 100% compliant; therefore, you must take every step possible. Fill out the form below for more information.