Although new electronic HIPAA standards have been the law for some time now, some small offices are still having trouble moving beyond minimum compliance. While HIPAA electronic standards are meant to make medical records easier to access for doctors and patients, the rather high fixed costs of implementing some of the procedures may put some smaller offices behind the eight ball. Here are some of the ways that many small offices have compensated for a lack of budget, improving their compliance and making their records easier to access internally.
Complying With Patient Access to Medical Records Requirement
Many small offices mistakenly believe they must take on all of the cost of providing their patients access to an electronic version of their medical records. However, using the technology of the cloud helps to allay some of the out-of-pocket costs of data storage and administration. Cloud-based programs such as Patient Fusion, the patient health portal for Practice Fusion, create an outlet for small offices to comply with HIPAA regulations concerning patient access to electronic medical records without their limited hardware taking on all of the responsibility. If you are a small office with limited hardware or data resources, consider one of these cloud-based options to remain in compliance and expand your own options for accessing patient records in a timely fashion. Making this relatively small investment will also help your billing process, and you will quickly make your money back in the time that you save in accessing records quickly and billing out for services electronically. You also avoid any kickback from insurance companies who will likely take every advantage to point out mistakes in your records. It is much more difficult to make a mistake on electronic record, and much easier to prove a service provided to your payer company or companies.
Breach Notification and Staff Training
Reporting incidents is another HIPAA regulation that is meant to protect both patients and doctors. However, the new procedures may take the valuable time of your staff if you do not train them properly in how to quickly handle breach notifications. First of all, there is no way around the time that it will take for initial training of concepts such as the new Final Rule. If you have to put your foot down and make your staff come in on a weekend, make it happen. Let them know that this must be a team effort. Make the process fun by investing in some snacks for the training session – it can be much cheaper than overtime pay.
Make sure that you update your privacy policies before you call anyone in for a weekend training session. This may require some time for you to implement on your own during a previous weekend. When all is said and done, all of your higher-level employees and management should be able to perform an analysis on the updated breach standard. If everyone can perform the analysis, you protect the office in case someone does not make it to work that day that it is needed. This will smooth out your billing process; if your insurance company understands that you know your breach process, it is much less likely to challenge you on potentially contentious claims.
Keep Your Business Associates Above Board.
One great thing about new HIPAA regulations is that they very accurately define different business associations within your medical practice. Use this as an advantage and as a guideline for your own business operations and partnerships. If you have had trouble in the past in determining the exact nature of your associations, you now have guidelines to update your Business Associate Agreement (BAA).