The HIPAA regulations, both the privacy regulations and the electronic data regulations, only apply to individual practitioners insofar as they are, “covered entities.” A practitioner who is a “covered entity” under HIPAA is a health care provider who performs, or who arranges for someone to perform on his or her behalf (i.e., a billing service or a clearinghouse), “HIPAA electronic transactions”. If you want to determine if you are a “covered entity,” you may use a decision tree on the Department of Health and Human Services Office of Civil Rights website to do so. Go to www.hhs.gov/ocr/hipaa. Then click on, “technical assistance.” Then click on, “Am I a covered entity?” Then click the yes or no answers to the questions. You will then be informed by the website whether or not you are a “covered entity.” Note that telephonic communications and communications by regular fax machine (as opposed to faxes sent by a computer) are not electronic transactions under HIPAA.
Much of what the HIPAA privacy regulations require in substance, are things health care professionals, particularly mental health professionals, should have already been doing throughout their careers. The new regulations add some requirements, many of which are paperwork or administrative in nature, and some of which are substantive provisions which provide added confidentiality protections (i.e., providing special protections for psychotherapy session notes in addition to the general protection for health care records). For individual mental health practitioners who are “covered entities,” compliance with HIPAA privacy regulations by April 14, 2003, should be a relatively simple matter. If you are a solo practitioner doing electronic billing you will not be able to bill electronically unless you are in compliance with the electronic data regulations and, it is likely that until you can show that you are in compliance, the insurance companies may not accept your electronic claims. The good news is that the overwhelming majority of individual mental health providers, particularly clinical social workers, do not submit electronic claims at this time. If you do electronic billing or use a service to do so, you will need to obtain HIPAA compliant billing software, enter into written agreements with a billing clearinghouse to obtain their assurance that they are HIPAA compliant, and install virus protection, firewall and password protection software on your computer by October 16, 2003.
HIPAA AND MEDICARE
A final important note here is the information, from many sources, which has frightened Medicare providers, i.e., that Medicare will be mandating that all providers submit electronic claims. The law provides for some very important exclusions which happen to affect most of our members:
Public Law 107-105, Sec. 3 Requiring Electronic Submission of Medicare Claims, states in part that the Secretary shall waive application of [the requirement] in cases in which “the entity is a small provider of services or supplier.” For purposes of this subsection, the term “small provider of services or supplier” means
(A) a provider of services with fewer than 25 full-time equivalent employees; or
(B) a physician, practitioner, facility, or supplier (other than provider of services) with fewer than 10 full-time equivalent employees.”
Clearly, the law as stated does not mandate that small providers submit electronic Medicare claims now or in the future.