This Frequently Asked Questions page refers to questions pertaining to HIPAAssociates and its products and services, and reflect questions we have encountered while servicing our clients. We will continue to add to this page so please check back for updates.
HIPAAssociates Frequently Asked Questions
What services does HIPAAssociates offer?
HIPAAssociates offers training, gap assessment, planning, and implementation. Our process is designed to get practices and health plans up to speed on HIPAA quickly, provide them with tools, develop a solid plan, and support through implementation. You can get more information about our Services here. Details about our Programs can be found here.
What products does HIPAAssociates offer?
HIPAAssociates offers HIPAA Navigator, a gap assessment, report and planning tool, and HIPAA SLP, a state preemption tool. In addition, we offer a customized, updataeable HIPAA reference manual complete with model forms, policies and procedures. Details about our Products can be found here.
My association is offering a Privacy Manual. What do you offer that they don't?
Some associations have started to offer their own Privacy Manuals. We recommend comparing these manuals with ours, looking at features like readability, ease of use, and ability to customize and update. Our manual is available in electronic form and hard copy; the electronic manual has links to make it easy to navigate, is laid out in the same structured manner that our Programs are, and is linked to reference materials on the CDROM such as the entire HIPAA standard. Details about our manual can be found here.
Which part of HIPAA has the most impact?
The answer to this question can vary depending on what resources your organization has at their disposal, the complexity of your operations, and what stage of HIPAA you are in. All 4 parts of HIPAA Administrative Simplification have significant impact. Privacy has the most visible impact since it affects every member of the organization's staff. Transactions has the most cost/benefit impact, since it affects the ability of the practice or health plan to generate revenue (for those enaged in electronic transactions - it may mean initial cost outlay the return on which may not be realized for a year (see Impact Analysis in Transactions Rule). There are however tangible benefits in reducing errors and speeding up remittance. Security has the most technology impact since many organizations do not have full-time IT staff.
Why do we need consultants?
The anser to this question again lies in what resources your organization has at their disposal. HIPAA requires a considerable investment in time to learn about the regulations; a structured approach to assessment, planning and implementation; and specific skill sets in law, transactions, and technology. Using consultants can save you time which you can use to treat patients and handle claims, and gives you an opportunity to tap expertise which you may not have access to within your company. HIPAAssociates also offers consulting services for specific HIPAA regulations, such as our Extended Program which covers detailed Security implementation.
What are the penalties for HIPAA?
The penalties for HIPAA are currently set at $100 per transaction with a maximum of $25,000 per year per specific HIPAA provision (there are multiple provisions per standard), for non-compliance. Penalties for intentional wrongful use or disclosure can be up to $250,000 and/or 10 years imprisonment.
How will HIPAA be enforced?
While there is no specific mandate for enforcement in the HIPAA regulations, the OCR (Office of Civil Rights) has published an interim enforcement plan.
What information sources can you recommend for a small practice or health plan?
I've been to a couple of seminars on HIPAA and it doesn't seem to be that big a deal. What else should I be doing?
Our experience has been that providers and health plans don't get a good feel for what is involved in implementing HIPAA until they complete a thorough assessment. Doing the assessment, developing a plan and implementing HIPAA regulations within your organization is not a trivial task, no matter what size your company. Regardless of whether you use outside help or do it yourself, the key is to get started early and follow a structured approach. By now, you should have filed for an Electronic Transactions extension (we recommend all our clients do so even if they think that they are in good shape), begun HIPAA awareness training, and begun an assessment of your operations. It is also advisable to begin discussions with your vendors about their compliance.
My vendor says that they have everything under control. Can I rely on them to take care of my Transactions and Security requirements?
Our experience has been that some vendors have a good handle on HIPAA, others don't. This problem is compounded by the fact that the regulations themselves are still changing, and some are not yet finalized. We advise our clients to ask vendors specific questions about their plans for HIPAA, details about changes they are planning to make, and the timeframe of implementing these changes.
My vendor has informed me that there will be a software upgrade for HIPAA, costing $xx. Is there anything that I can do except pay their bill?
Implementing HIPAA Transactions and Security regulations will possibly require changes in software, hardware, and configuration. HIPAAssociates communicates the providers' and health plans' requirements to vendors (including specifics about transactions, data elements, system configuration etc.) in order to make sure that the upgrades meet the needs. Many vendors will not be in a position to offer customized solutions for individual clients, and may bundle the changes. In any case, the more informed you become about your specific technology and configuration needs, the better you will be able to assess whether the upgrade meets HIPAA requirements, and whether it will be available and tested by the compliance deadline.
I haven't heard anything from my vendor. Should I be worried?
We recommend that providers and health plans initiate discussions with their vendors as soon as possible, especialy if they haven't heard anything from them.
I am considering purchasing some new technology for the office but I'm not sure whether it's HIPAA ready. What questions should I ask?
HIPAA is here to stay, which means any technology which deals with Protected Health Information or other HIPAA provisions must meet HIPAA requirements. We recommend that providers and health plans ask the vendor how their software affects HIPAA requirements and if it's HIPAA-ready. HIPAAssociates works with vendors to determine their HIPAA-readiness.
Are you the type of consultancy that just drops off a manual and then leaves? Do you support us through the process?
HIPAAssociates believes that for proper training, assessment, planning and implementation, you need good support. At the same time, since providers and health plans have responsibilities as covered entities, we also believe the right approach is to engage the client while providing them with tools and teaching them how to use them. Our Programs are designed to train the entire staff, gather the required information, conduct the gap assessment, produce reports, develop forms, policies and procedures, and provide support - all while minimizing the impact on daily operations.
How long does your process take?
The answer to this question depends on how large the practice is, how complex its operations are, and what resources the practice has at its disposal. There is the possibility of delay in getting responses from vendors. For the Basic Program, you should expect, on average, to see us for 5 days, and for the entire Program to take anywhere from 4-12 weeks. Beyond that, we offer telephone and email support, software and manual updates, on-site audits and other services through our Maintenance Program, and are also available for other specialed support needs. For health plans, the process will span over a number of months, depending on the size of the health plan and its operations.
HIPAA Administrative Simplification? Isn't that an oxymoron?
Many providers and health plans look at the complexity and size of the HIPAA regulation and get that sinking feeling. How can all these new regulations and procedures lead to simplification? While there will be an period of adjustment, providers and health plans can expect to realize benefits from implementing HIPAA. For example, many organizations may have informal procedures for training, handling patient information, and handling security - going through the HIPAA process will give them the opportunity to standardize procedures and policies, which will make them more responsive to patient needs, more competitive in the marketplace, and yield time and cost savings in the long term.