HIPAA Compliance for Small Groups
scottorr
599 Posts
We are considered a small group by HIPAA standards and are not required to be in compliance until 4/16/2004, however, most of our venders are considered large groups. They have all sent us business associate agreements to be signed stating that we are in compliance with their privacy standards as required by HIPAA as of 4/14/2003. We have not signed them at this point. We have given them to our legal department. I was wondering if anyone else has run into a similar situation and how have you handled it?
Comments
At this point I have not turned away any employees' questions, however, I have asked them to address the issue first with the vender. I have been tracking employee questions but have not had them sign an authorization.
Our health and vision venders have not asked us for a signed business associate agreement. Our health plan vender is the largest in NY state and they have told us that their legal department told them they do not have to have the business associate agreement signed until 4/14/2004. Our legal department agreed. Our dental and disability venders asked us to change the dates on the business associate agreement to the 4/14/2004 date. Having said that I am trying be in compliance as soon as I can.
Thank you for your responses!
You can always sign the business associate agreements and attach an addendum stating your company's status - that you are in the process of implementing the HIPAA regulations and list the anticipated date of intent to be in total compliance (the timeline for your company). I am sure that you are already in compliance with some of the requirements, as the HIPAA standards are pretty much a given anyway. The legalize is pretty much stumping people about compliance. Our agency is a home health agency and we started working on HIPAA back in 2001. If you would like to have some of our info, I will be happy to share...might give you an idea of what to look at for your company. Please email me at [email]cjwinebarger@earthlink.net[/email] if you are interested.
Our insurance carriers have sent letters to our employees notifying them of HIPAA rules, but I am still at a loss as to any further obligations we have as the employer. My wife works for a very large corporation and all she received was a two page explanation of the plan, but she is not obligated to sign anything or attend any meetings, etc. So is the definition of "training and documentation" different for different employers?
Are you going to continue to help your employees who come in your office with a bill from a medical provider, and they want your help in resolving it? I suppose I will have them sign a form allowing me to represent them, or I could choose to longer offer that HR service, but I would prefer to help them.
Are any of you changing what I assume is a fairly universal policy of requiring a doctor's statement from employees who are absent for a certain number of days? Is this covered under HIPAA? My reaction is that since the employee is providing that document of their own choice, receiving it would not be a violation. Most doctors will be more sensitive now to only deal with work status and will not indicate what the diagnosis or treatment or prognosis was.
What a headache!
As for helping our employees with bills, our insurance carrier Customer Service Department is saying they will need the employee's written release before talking to me, unless the employee is in the room and will confirm they can talk to me. Our local hospital Patients' Accounts office said they are willing to talk to me about bills as long as we didn't discuss the patient's diagnosis, treatment plan, or prognosis. Some doctor's offices are taking the same stance, but I expect others will no longer say anything without releases. I have had a couple vendors send me their release forms and frankly I don't think they meet the HIPAA standards, because they are not specific to the immediate purpose. But I see that as their problem. It will be interesting to see how those offices handle calls from employee's spouses, since many households have one expert to deal with such matters. Boy, will they get some calls from angry employees having to authorize their spouse as a spokesperson! It's a new world.