• Health reform
• EMRs
• Medicare
• Liability
• AMA House
• » More

• Contract Language
• Ethics Forum
• In the Courts
• Practice Management
• Technically Speaking
• » More

• Issue dates
• Regions
• Health plans
• Sections
• News briefs
• Columns
• Editorials
• Letters
• Series
• Writers
• Other years

• Search tips
• Email alert
• RSS
• Mobile
• Subscribe
• Institutions
• Staff directory
• Advertising
• Permissions
• Reprints
• News media
• Site guide
• Useful links
• About
• Premium
• Contact

• AMA Wire
• CPT
• DMPHP
• JAMA
• JAMA Network
• news@JAMA
• Virtual Mentor
• Physician jobs

Commonsense approach to HIPAA compliance

The medical records privacy rule deadline is just around the corner. It's not too late to prepare.

Editorial. March 10, 2003.

• PRINT|
• E-MAIL|
• RESPOND|
• REPRINTS|
• SHARE
•  

Ready or not, here it comes. The federal medical records privacy regulation kicks into effect April 14. And like it or not, most physicians will be required to meet a host of new standards to ensure that their patients' personally identifiable health information is kept confidential.

The rules are the result of the Health Insurance Portability and Accountability Act of 1996. And the privacy provisions aren't the only portion of that law that physicians must get up to speed on.

The statute also includes new standards for conducting electronic transactions, such as health insurance claims processing. The date for physicians and their vendors to have begun testing their systems and software is also fast approaching -- April 16. And the deadline for implementation is Oct. 16.

Further down the road, physicians will have to comply with a whole new set of rules for protecting the security of individually identifiable health information that is maintained or sent electronically. The final rule was released last month, but physicians have until April 2005 to comply.

If all of this sounds bewildering, it is.

The good news is that the government has worked some flexibility into the law. Solo practices don't have the same amount of HIPAA compliance work to do as a large group practice. For example, an individual or small practice would not need to hire a staff person to ensure that privacy policies are followed; a physician or existing staff person could take on that role.

The AMA is urging physicians to take a commonsense approach and to do the best they can to comply.

Some of the privacy policies called for under HIPAA are in place in doctors' offices already. But now they have to be documented and shared with patients in a written notice.

Many doctors have taken the steps necessary to prepare for the rapidly nearing deadlines for the privacy and electronic transaction rules. Others, faced with the seemingly overwhelming task, have not.

But it's not too late to get started. And help is out there.

A good place to begin is the American Medical Association's HIPAA Web site (http://www.ama-assn.org/go/hipaa). There, physicians can find HIPAA advice and updates, as well as useful links to government guidance materials. The site also contains information on AMA books, products and services for sale to help guide doctors through implementation.

Additionally, it is important for physicians to check with their state medical societies to learn if there are state medical records privacy rules they must obey. The federal law set the minimum standard, so if your state has a stricter law, you must comply with it.

HIPAA as a whole can seem like a monster. But taking implementation one step at a time and using the myriad resources available, physicians just may be able to tame the beast.

Back to top

 ADDITIONAL INFORMATION: