Medical Privacy and Security: Is Your Medical Office Ready for HIPAA?

If you would like more information about this topic or any other topic contact Scott Einiger

I. Background

Protecting confidential medical information has historically been addressed at the local level, with each state setting its own rules and regulations. In New York State, the legal protections afforded individuals concerning their confidential medical information are delineated by statute in the Civil Practice Law and Rules (CPLR), the Public Health Law and the Mental Hygiene Law. [1]

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was originally enacted to enhance (not guarantee) certain health care insurance coverage for Americans. HIPAA also creates a national, standardized set of rules for maintaining the security and protecting the confidentiality of patient medical information, known as Protected Health Information (PHI). The privacy component of HIPAA goes into effect on April 14, 2003, and applies to every medical service delivered from that date forward. The privacy regulation has recently undergone significant amendments since the "Final Rule" was originally issued. While the federal law will not pre-empt more restrictive state law, HIPAA does create certain mandatory procedures that must be implemented by all covered entities to avoid potential monetary fines and, for intentional acts, even possible criminal penalties.

While the HIPAA regulations may continue to undergo further fine tuning to address various practical concerns, it is imperative that physicians and their administrative office staff not wait to educate themselves about the federal law's purpose and its actual legal requirements. Undertaking to educate the office staff is one of the key requirements of the law. Implementing a written compliance plan is another. Waiting until the effective date could prove costly. The failure to institute a good faith and reasonable office compliance program, to provide privacy notice to patients concerning their rights, to protect against the unauthorized release of confidential records, and to implement security safeguards for data both in transit and maintained in the office, could potentially place physician owners, their employees (including administrative office staff) and even business associates at grave risk of monetary fines and even criminal penalties for the unauthorized disclosure of PHI. The Office for Civil Rights (OCR) is responsible for implementing and enforcing the privacy regulation.

II. Covered Entities and Covered Services

Covered entities within HIPAA's jurisdictional reach include those that provide, pay for, or electronically submit information concerning health care services or billing, including hospitals, health plans, and group and solo medical offices. Virtually every individual physician practitioner and group medical practice is a covered entity under the federal law, since the submission of their claims to managed care entities and/or governmental programs (Medicaid/Medicare) will be done electronically. Covered services include those (i.e., tests and procedures) provided directly to patients by primary care physicians, as well as medical services performed indirectly, such as tests or procedures ordered by medical consultants (e.g., radiologists) at the direction or order of another physician.

III. Protected Health Information

Once an entity falls under the jurisdiction of HIPAA, Protected Health Information (PHI) under the federal law is broadly defined and includes all individually identifiable health information, whether recorded or oral, that relates to past, present or future health conditions, medical care, or payment for said conditions or care. Creating an effective confidentiality and security compliance program will help avoid the penalties and sanctions that apply to noncompliant programs. Such penalties and sanctions include civil fines for each violation ($100 per violation, with a maximum of $25,000 per year for identical violations) and, for intentional violations of the law, even criminal penalties (i.e., fines of up to $50,000 to $250,000 and imprisonment of up to 1 to 10 years, depending on the nature of the offense).

IV. Summary

HIPAA is a complex and extensive national initiative which includes at its core rules that govern notice to patients of their rights, protection of confidential medical information, and requirements for medical professionals to implement reasonable precautions and safeguards to protect the privacy and security of Protected Health Information (PHI). It behooves all medical offices, including the physician owners, employees and administrative staff, to learn HIPAA's rules, as there are serious monetary fines and even criminal (if intentional) penalties for unauthorized disclosures of PHI as of April 14, 2003.


[1] (CPLR 4504, Public Health Law 18, Article 27-F of the Public Health Law and MHL 2205).
