Founded in 1977, KIRSCHENBAUM & KIRSCHENBAUM, P.C., is one of Long Island's most prominent and well-respected mid-size general practice law firms. The firm continues its tradition of providing clients with legal advice and services of the highest quality and maintaining and fostering diversity in its practice. From representing a wide variety of large and small clients in many different industries, our attorneys have the hands-on experience and knowledge needed to handle almost any types of legal matters, whether litigious or transactional in nature.
picture
Drop Down Menu

 

Protecting You and Your Practice From Unnecessary HIPAA Violations

By: Stacy Spector
Jennifer Kirschenbaum

Medical Practice management is very difficult in comparison to the operation of a general business because of the extra requirements that healthcare practitioners must be aware of in maintaining and operating their offices. One of those additional regulations is the Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. HIPAA adds additional layers of concern to healthcare practitioners in operating their day to day operations by requiring that all healthcare practitioners take certain precautions in maintaining and protecting patient medical information known as PHI (Private Health Information).

PHI includes any “individually identifiable patient information”, including and especially a patient’s name. One of the biggest mistakes many doctors make in their offices with PHI is allowing their staff to be sloppy in PHI management. For instance, your office sign-in sheet contains PHI and should not be left in plain view for patients in the waiting room to see who else is in the office waiting to be seen. Simple steps may be taken to ensure that your office is maintaining and controlling PHI in an appropriate manner, such as:

  1. educating yourself and your staff when it is appropriate to “use and disclose” PHI, for example for (1) treatment purposes, (2) payment, (3) health care operations, (4) pursuant to and in compliance with a valid authorization, or (5) to a business associate under a valid agreement with the healthcare practitioner;

  2. creating efficient and simple policies on how your staff should manage PHI, including proper filing procedures for PHI and appropriate interactions with patients when PHI may be disclosed (such as calling a patient’s first name only in the waiting room);

  3. designating a compliance officer amongst your staff who will be responsible for monitoring PHI compliance procedures; and

  4. making sure you have appropriate and up to date privacy policies, including patient consent for disclosure of PHI.

Penalties for failing to comply with HIPAA by not maintaining PHI appropriately or for unauthorized disclosure of PHI may be severe and may include potential civil fines, criminal penalties or licensure ramifications.

For additional information on appropriate PHI maintenance and disclosure feel free to contact Stacy Spector of Kirschenbaum & Kirschenbaum, P.C. at (516) 747-6700. Mrs. Spector is available to help create a working compliance program for your office and counsel you in creating the right privacy policies that work for your practice.