Commonsense approach to HIPAA compliance

The medical records privacy rule deadline is just around the corner. It's not too late to prepare.

Editorial. March 10, 2003.

Ready or not, here it comes. The federal medical records privacy regulation kicks into effect April 14. And like it or not, most physicians will be required to meet a host of new standards to ensure that their patients' personally identifiable health information is kept confidential.

The rules are the result of the Health Insurance Portability and Accountability Act of 1996. And the privacy provisions aren't the only portion of that law that physicians must get up to speed on.

The statute also includes new standards for conducting electronic transactions, such as health insurance claims processing. The date for physicians and their vendors to have begun testing their systems and software is also fast approaching -- April 16. And the deadline for implementation is Oct. 16.

Further down the road, physicians will have to comply with a whole new set of rules for protecting the security of individually identifiable health information that is maintained or sent electronically. The final rule was released last month, but physicians have until April 2005 to comply.

If all of this sounds bewildering, it is.

The good news is that the government has worked some flexibility into the law. Solo practices don't have the same amount of HIPAA compliance work to do as a large group practice. For example, an individual or small practice would not need to hire a staff person to ensure that privacy policies are followed; a physician or existing staff person could take on that role.