Get Ready for HIPAA Law Governs Privacy, Transfer of Patient Data Policy Analysis
Policy Analysis  |   June 01, 2001
Get Ready for HIPAA
Author Notes
Article Information
Regulatory, Legislative & Advocacy / Policy Analysis
Policy Analysis   |   June 01, 2001
Get Ready for HIPAA
The ASHA Leader, June 2001, Vol. 6, 1-13. doi:10.1044/leader.PA.06122001.1
The ASHA Leader, June 2001, Vol. 6, 1-13. doi:10.1044/leader.PA.06122001.1
The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996, is designed to protect health insurance coverage for workers and their families when they change or lose their jobs. Although more regulations will be developed for implementation of HIPAA, the U.S. Department of Health and Human Services (HHS) has already published two rules that will affect both speech-language pathologists and audiologists the electronic data interchange (EDI) rule and the privacy rule. All professionals who transfer patient information electronically must format data to comply with the EDI rule, and both practicing clinicians and researchers will be directly affected by the privacy rule.
While the implementation deadlines for these rules - October 2002 for the EDI rule and February 2003 for the privacy rule - may seem far away, clinicians should begin preparing today, said Larry Higdon, ASHA’s vice president for governmental and social policies. “It is important to act now and address HIPAA early,” he said. “This is not something that can wait. Get a copy of the law, read it, and check the ASHA Web site for frequently asked questions that will help you understand the implications for you and your practice site or research project. Almost every professional will be affected in some manner.”
Standardized Transfer of Electronic Data
The EDI rule requires the use of a single standard format for the electronic transmission of patient-related information, including claims submissions, eligibility inquiries, health care payments, and coordination of benefits information. Failure to comply with the rule will result in fines ranging from $100 to $25,000 per incident.
“This is not a profession-specific issue,” Higdon said. “This is a discipline-wide issue. If you bill your services to Medicare, private insurers, or other third-party payers, you must comply with the standardization requirements of the EDI rule.” Higdon noted that members in private practice especially must pay attention to the requirements of HIPAA, but that it must also be a concern of all members who bill for services including community speech and hearing clinics, hospitals, skilled nursing facilities, university clinics, rehabilitation facilities, and nursing homes.
“As your agency works to address HIPAA, you’ve got to be sure that your services are included in the analysis and planning,” he added. “Many small offices and independent practitioners may find it cost effective to contract with a clearinghouse in billing for services, but even that will require time and planning.”
HIPAA rules may require many health care providers to make substantial changes in operations, policies, and information systems. After educating yourself about the law and its potential effect on your services, evaluate your available resources money, technology, and staff. If you don’t already have the in-house expertise and technology to bill directly in compliance with HIPAA, determine whether you can afford to purchase compliant software and if you have the personnel to manage it. You may need to hire consultants to help modify your system, or send your billing to a clearinghouse that can reformat your data to comply with HIPAA standards before it is sent to third-party insurers.
And while some clinicians may only file paper claims today, they may be required to submit electronic claims in the future. “Claims submitted electronically are generally paid more quickly and at a higher rate,” said Arthur Williams, ASHA’s HIPAA consultant. “In addition, as payers receive more and more claims electronically, paper claims will cost more for them to process.”
Protecting Patient Privacy
According to the privacy rule, clinicians must obtain a patient’s consent to use and disclose protected health information, including such individually identifiable information as a patient’s name, address, and social security number. Clinicians who do not comply with the privacy rule may face stiff financial sanctions as well as a possible prison sentence.
Most facilities have privacy rules in place for care of patient/client/student records; however, the HIPAA privacy rule is much more extensive than current standards. “Most clinicians will say, I’m already protecting patient privacy, but it is important to evaluate what policies you have in place compared to what is required by HIPAA,” Higdon said. “Not only are the requirements extensive and specific for record keeping and policy manual development, but they also specifically define patient access to records.”
The protection of personal data through the “de-identification” of recognizable information and other means that ensure patient confidentiality will affect audiologists in all practice settings including hearing conservation programs, acute care facilities, and offices that dispense hearing instruments and transmit patient information in ordering hearing aids, Higdon explained.
SLPs across all work settings also are affected by the privacy rule. “Public schools and university speech and hearing clinics that often consider themselves to be educational and not subject to many of the health rules are affected, as they often transmit health data for children and adults in their programs,” Higdon said. “Work sites more directly related to health care facilities are easier to identify as needing to comply with the privacy rule. Audiologists, SLPs, and researchers should look at this as a process that must be addressed systematically, so they won’ t get caught seeking quick fix crisis management solutions as the compliance deadline nears.”
Members’ Reactions
“My initial reaction to the HIPAA mandates is a common one this is no small undertaking!” said Pauline Casey, president of the National Ear Care Plan (NECP). As a network administrator, NECP contracts with individual audiologists in various settings to provide hearing care as it relates to the diagnosis of hearing loss and fitting of hearing aids. NECP also receives, reviews, and reprices provider claims that are ultimately forwarded to third-party payers.
“NECP is now in the early stages of the analysis of the operational and financial impact of compliance with HIPAA,” said Casey, who has read extensively about HIPAA, attends meetings, and participates on a HIPAA listserv. “We do not have sufficient internal resources to develop all of the EDI, privacy, and security plans for HIPAA compliance. We will contract with a local benefits consulting firm, law firm, and a software vendor that have proactive working knowledge of HIPAA.
“We are aware that many of the large payers with whom we work are extending significant financial and human resources toward the effort,” she continued. “In our experience, it is the small health plan administrators and individual providers who are slow to consider the business ramifications of compliance or lack of compliance with HIPAA.”
Don Harris, an SLP in Ellensburg, WA, said, “I am surprised how many experienced private practitioners and other therapy providers are not aware of HIPAA, what it even stands for, and what ramifications it may have on their business practices.” Harris has been in private practice for 17 years and is program director of Optimum Rehab & Learning Specialists.
“We need to pay more attention to our records, what patient information we collect, what we transmit or share, and how we store and protect our clients medical or therapy information. We’ll need written evidence demonstrating an awareness of the new requirements and that we are making every effort to comply,” Harris continued, referring to the requirement that providers develop a policies and procedures manual explaining how they are addressing HIPAA and its requirements.
Submit a Comment
Submit A Comment
Comment Title

This feature is available to Subscribers Only
Sign In or Create an Account ×
June 2001
Volume 6, Issue 12