Physicians tackle HIPAA Requirements and Increased Scrutiny by Government

The health reforms have affected not only the way in which healthcare is delivered but also the way in which information is shared among various professionals and entities in the health industry. Health Insurance Portability and Accountability Act (HIPAA) regulations have become more stringent for physicians, and patient privacy is one of the issues emphasized in the health reforms. Physicians are tackling this increased government scrutiny by adopting various methods in the core and departmental processes involved in the delivery of healthcare.

HIPAA and the HITECH Act have changed the way physicians’ roles are scrutinized in the country. The privacy guidelines in HIPAA are exhaustive, and physicians need to be aware of them in order to avoid penalties in the form of cuts or worse. Moreover, these patient privacy guidelines apply not only to physicians who follow proper EMR or EHR implementations and the reform guidelines but also to those who choose not to implement such requirements. Physicians need to disclose only the “minimum necessary” information needed for the particular purpose to certain entities. Even oral communication about patient information can be considered a breach of privacy under HIPAA.

HIPAA compliance is necessary not just for physicians but also for their staff, on-site or otherwise. Physician assistants and professionals in other departmental processes also need to comply with HIPAA guidelines and prevent breaches of patient privacy by handling protected health information (PHI) securely. With physicians using various methods to access and modify data on EHRs, the HIPAA privacy rules take on a new meaning. Those on the other end of the tech spectrum who still use paper-based records cannot possibly implement such safeguards for privacy. Therefore, adoption of HIPAA-compliant EMR and EHR systems, along with recruitment of compliant professionals in various departmental processes, has become crucial to the well-being of a practice.

Providers are required to give patients a notice of privacy practices explaining how the patient’s health information is disclosed and used. Providers cannot reveal PHI to the patient’s employer unless there is written permission from the patient for doing so. Healthcare providers are not allowed to reveal PHI to family members without receiving permission from the patient. In addition to these safeguards, there are other types of safeguards to be implemented, such as physical safeguards for the workstations and software used in accessing or modifying PHI. The onus of protecting the information lies with the physicians or practices and their staff, and with the increasing volume of information, it becomes necessary for physicians to hire professionals who are HIPAA compliant.

The departmental processes involved in the health care delivery system, such as medical billing and coding, transcription, denial management, and revenue cycle management, also need to be HIPAA compliant. Medical billing and coding services at, which is the largest consortium of medical billers and coders in the United States, are not only HIPAA compliant but also offer numerous other value-added services such as consultancy, research and improved denial management.