Volume 2, Issue 1

SUMMER 2004

HIPAA security volume 1

by David Carlson

My father told me to never turn my back on the ocean because he said you could never tell when it might sneak up on you and bowl you over.  Just when you thought it was safe to go back into the exam room, HIPAA (the Health Insurance Portability and Accountability Act) sneaks up behind you again.  This time it is not with the privacy standards, but rather with the Security Standards portion of the act.

Unlike the privacy standards, which you should already be following, the security standards portion of the regulations does not go into effect until April 20, 2005.  Fortunately, you can get into compliance now and not have to worry about it when April comes.  In addition, although you may not like the hassle and disruption that HIPAA implementation causes your medical practice, in the long run the measures that HIPAA requires you to take will work to your advantage.

The security standards require every covered entity to take certain steps.  For the most part these steps relate to the protection of electronic protected health information.  The regulation defines electronic protected health information as individually identifiable health information that is stored or transmitted in electronic form.  Essentially, if patient information is on a computer, the HIPAA security regulations apply to you.

Although the regulations call for a wide range of measures (individual usernames and passwords, anti-virus protection, protection against intrusion, and encryption of data, to name just a few; some of these, encryption among them, are "addressable" specifications, meaning you must either implement them or document why an alternative is reasonable and appropriate for your practice), most of them are things that any office with computers should be doing anyway as a matter of good business practice.  If you keep your records in a database on your computer network, the last thing you want is for your system to crash when you have no backup.  HIPAA security compliance is a necessary evil, but one that will actually benefit your business.

Some of the HIPAA regulations, however, have unfortunately given rise to certain myths about compliance.

Myth #1 - If I don't bill electronically, I don't have to comply with the HIPAA security regulations.  Unfortunately, this isn't the case.  If you have any identifiable patient information and that information resides on a computer under your control or the control of a business associate, then you need to comply with the HIPAA security regulations.  This includes everything from electronic billing records to information in scheduling and electronic medical records databases.  It also includes opinion letters written on a computer in a word processor such as Word.

Continued on Page 2

If you have received this newsletter from a friend and would like to be on our mailing list, or if you wish to no longer receive this newsletter please send an email to: jshults@salemlawyers.com

Table of Contents

HIPAA security volume 1 ....... Pg 1 & 2

So, you want to start your own business ....... Pg 2 & 3

Firm News ....... Pg 4