Massachusetts Medical Society
860 Winter Street
Waltham MA 02451
(800) 322-2303 or (781) 893-4610
© Copyright 2004



Development of a HIPAA Compliance Strategy
The Time to Act Is Now

By Paul W. Shaw and Jerome B. Tichner, Brown Rudnick Freed & Gesmer
Still in the wake of preparation for the anti-climactic Y2K bug, physicians now face another significant and potentially expensive hurdle: compliance with regulations arising out of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

On Dec. 20, 2000, President Bill Clinton issued final HIPAA privacy regulations establishing standards for the protection of patient records and health care data. These regulations, coupled with recently enacted rules for the standardization of electronic claims and transactions, have placed significant pressure on physician practices to evaluate their methods for handling, transferring and storing patient information.

Here we attempt to provide a basic roadmap for evaluating your practice and implementing a compliance plan.

Early Action Can Save Dollars and Headaches
The deadline for physician practices to conform with these new HIPAA standards is in two years (three years for some small practices). However, it is crucial to begin developing a compliance strategy now. For most physicians, achieving compliance will involve modifying and/or developing new policies, procedures, and information systems, as well as adapting existing contracts and/or relationships with what HIPAA calls "business associates" (for example, software vendors or billing consultants).

Since a mere review of these practice elements can take months, those who delay developing a compliance strategy will likely find themselves running out of time as the compliance deadline approaches.

Violation of HIPAA's privacy regulations can lead to significant fines and potential criminal prosecution. Therefore you should start now to take the following measures:

  • Familiarize yourself and your staff with HIPAA requirements, including: 1) obtaining patient consent prior to treatment, payment or health care operations; 2) obtaining patient authorizations before releasing patient information to third parties, such as a patient's employer or insurance plan; 3) exceptions to the consent and authorization requirements; 4) standards regarding relationships with business associates; and 5) rights of patients to access their own data.
  • Designate a privacy officer. Privacy officers are responsible for coordinating the development and modification of the practice's privacy policies and employment handbooks, coordinating the education of all practice staff, and overseeing the development and implementation of the practice's compliance strategy. Privacy officers should coordinate their efforts with members of the practice's billing, information technology, and medical staff to ensure that compliance efforts include all aspects of the practice.
  • Analyze the manner in which your practice handles patient information. A flow chart detailing how and by whom information is handled will enable you to identify potential compliance issues and trouble spots.
  • Establish a comprehensive compliance strategy and prioritize items to be completed, including timelines for performance.
  • Work with counsel to review current contracts and relationships with business associates, such as billing companies. To comply with HIPAA, a contract with a "business associate" must, among other things, 1) prohibit the improper release or use of protected information; 2) require safeguards for use of protected information; and 3) require the return of any protected information upon termination of the contract.
  • Update practice forms and informational materials. Develop notices to patients regarding your practice's use of their medical information. Update consent forms and authorization forms to satisfy HIPAA requirements.
  • Review all electronic systems to determine noncompliance. Work with software and hardware vendors to ensure that system upgrade needs can be satisfied. Many software/hardware agreements may already entitle your practice to free upgrades and systems review.
  • Analyze the overall financial and nonfinancial impact of HIPAA compliance on your practice. This will allow you to set appropriate goals and establish a budget for compliance activities. Software/hardware upgrades can be very expensive and, therefore, warrant advance planning.
  • Create an awareness in your practice about HIPAA and involve staff in the compliance process. Awareness will enable support staff, the individuals generally handling the day-to-day transactions involving health care data, to assist with compliance efforts and to contribute ideas for practice modification.

Compliance strategies will differ depending on practice size and structure. It is important to customize your practice's compliance efforts as needed.

For all practices, regardless of size and structure, early action makes for easier implementation. Delaying compliance efforts is likely to result in an eventual shortage of time and increase in expense. Addressing these issues in the near future can transform HIPAA compliance into a manageable step-by-step project to be implemented gradually.

MASSMED | Development of a HIPAA Compliance Strategy - Vital Signs