HIPAA Compliance for Medical Practices
66.1K views | +0 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

HIPAA Compliance When Selling Health Care Practice 

HIPAA Compliance When Selling Health Care Practice  | HIPAA Compliance for Medical Practices | Scoop.it

When considering the sale of your healthcare practice (regardless of whether you are a physician, physical therapist, dentist, optometrist, etc.), you will undoubtedly be confronted by a litany of questions:

  1. Valuation – how do I ensure I get a fair price?
  2. Type of Sale – am I selling assets or majority of stock/shares/membership interest in the entity?
  3. Due Diligence – how much research and risk assessment must I do in regards to existing liabilities (for both myself and the buyer) as well as the security/financing of the buyer?
  4. Verification of State, Federal Regulatory Compliance – who is responsible for verifying compliance with Fraud and Abuse laws, Stark Law, Anti-Kickback Statute, HIPAA, Tax Exempt Status, Anti-Trust laws, etc.?
  5. Restrictive Covenant – duration? location? key employees?
  6. Assumption of risk, indemnity – how is it expressed and covered?
  7. Holdover – how long should I remain onboard and accessible to the buyer – as an employee or an independent consultant?
  8. Termination – what will trigger cancellation of the transaction?

 

All of these questions warrant consultation with an attorney with experience in structuring such transactions. 

However, in addition to the traditional machinations of such a transaction, you will need to receive consultation from an attorney aware of additional aspects of the healthcare profession that make the sale of a practice more difficult. Namely, you need to be aware of the requirements for patient consent of the transfer of files and HIPAA Compliance.
 

Notification Requirement to Patients

 

Pursuant to state and federal regulations, patients must be given the option to choose another health care provider and/or have a copy of their medical records sent to the physician of their choice. Specifically, medical records and other personal health information should not be transferred to another health care practitioner or practice without the patient’s informed consent. As such, when moving forward with a contemplated sale of practice, it is important that the mechanics of informing patients of the contemplated sale and providing them the option to choose their own provider is incorporated into the timing of the transaction. 

Unfortunately, this often leads to the sale of the practice taking much longer than what might be within the parties' expectations. 
 

Sharing Patient Files and Medical Records through Business Associate Agreement


As the above transition is unavoidable, buyers and sellers can and should embrace it. This can be accomplished by ensuring there is either a holdover of the old practitioner within the new practice–as an employee or an independent contractor. Furthermore, the seller is permitted to then share his or her patient files and medical records (i.e. PHI) with the buyer pursuant to a HIPAA-compliant Business Associate Agreement. This is permitted because the buyer, as a business associate, is using the PHI from the seller for “health care operations”, a permitted use under HIPAA. “Health care operations” include business management and general administrative operations of the entity, including the sale, transfer, merger or consolidation of all or part of the covered entity with another covered entity.
 

The American Medical Association provides further guidance for the transfer of patient records upon the sale of a medical practice. Ethical Opinion 7.04 states, “The transfer of records of patients is subject, however, to the following: (1) All active patients should be notified that the physician (or the estate) is transferring the practice to another physician who will retain custody of their records and that at their written request, within a reasonable time specified in the notice, the records or copies will be sent to any other physician of their choice… (2) A reasonable charge may be made for the cost of duplicating records.”

 

Priming or Retaining Medical Records


Practitioners should also check state and federal regulations regarding recordkeeping requirements and/or retention. When selling or closing a practice, practitioners should review their medical records to ensure that the records contain all information and documentation as required by state and federal law.  
 

Medical record ownership is established by state law, licensing regulations, and judicial decisions.  Generally, the practitioner's patient file and medical record is owned by the practitioner or corporate entity responsible for compiling and maintaining it, who also serve as the custodian of its contents. The Health Insurance and Portability Act of 1996 (“HIPAA”) expanded patients’ right to access, audit and amend their protected health information (“PHI”) pursuant to the HIPAA Privacy Standards. As custodian, the practitioner is responsible for providing their patient with informed written consent regarding their role as well as how the patient may access and transfer its contents at will to desired third-party practitioners.  Practitioners, in this dual role as custodian and owner, must take special care regarding the destruction, retention, or transfer of medical records when their practice is sold or closed.

Practitioners who are selling or closing their practice should ensure that the control, ownership and patient’s right to access their medical records is specifically addressed prior to transferring or storing any medical records in order to be in compliance with the applicable state law. 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Patients willing to share health data, but only for a good reason

Patients willing to share health data, but only for a good reason | HIPAA Compliance for Medical Practices | Scoop.it

Patients are becoming more willing to share their health information publicly, but there is one caveat: It has to be for a good reason.

The purpose for which their information would be used was even more important to the more than 3,000 respondents of a recent study, published in the Annals of Internal Medicine, than being asked their consent for the information.

David Grande, the study's lead researcher from the University of Pennsylvania Perelman School of Medicine in Philadelphia, called that finding "surprising," according to a Reuters article.

But, in fact, another recent study shows that a majority of patients would be willing to share their healthcare information with researchers, employers, health plans, and their doctors, FierceHealthIT previously reported.

Scenarios for how the information would be collected and used in the study varied, according to Reuters. In one instance, the respondents were asked if it is OK for drug companies to use people's health information to learn who uses their products. In another, they were asked if using patients' records to find which ones had diabetes in order to improve care would be an acceptable practice.

Many of the participants did not find the use of health information for marketing purposes acceptable, but were more approving of using the data to improve care or for research purposes.

"Although approaches to health information sharing emphasize consent, public opinion also emphasizes purpose, which suggests a need to focus more attention on the social value of information use," the study's authors concluded.

In addition, there is also an underlying current of fear about security when sharing information that could make patients think twice about the cause for which the information is being used. A recent example is the cyberattack on Sony Pictures that exposed the health information of many of the company's employees and their loved ones.



more...
No comment yet.
Scoop.it!

HIPAA’s Role in Fostering Trust between Patients and Providers

HIPAA’s Role in Fostering Trust between Patients and Providers | HIPAA Compliance for Medical Practices | Scoop.it

The following scenario is true, but some of the details have been changed to protect the innocent, and the guilty. The setting is the cramped reception area of a small dental practice. The office manager, who also works the front desk, is on the phone there with a patient.

 

“Julie Jones? This is Dr. Burton’s office. Your lab results are in and they indicate you’ve tested positive for an STD. You’ll need to schedule an appointment as soon as possible with your primary care physician.”

 

Her voice drifts over into the nearby waiting room. A few people look up from the magazines they’ve been flipping through. One of them, who happens to be a neighbor of Ms. Jones, arches an eyebrow and softly clucks her tongue. Information that should be confidential between this office and patient is now dangerously close to public knowledge. With this particular neighbor in the know, people in Julie’s cul-de-sac will probably hear these results well before her current boyfriend.

 

Informing patients of test results is a normal and necessary part of the workday at every office that deals in healthcare. But in this case, having that conversation where it can be overheard violates Ms. Jones’ right to privacy. A right protected by the law known as HIPAA.

 

Privacy. A fundamental patient right.

 

With so much involved in running a successful healthcare practice today, it’s easy to understand how HIPAA has come to be viewed as more of a nuisance than a necessary part of good care. But at its core, HIPAA isn’t about extra logistical hassles or additional work, it’s really about best practices — and creating and maintaining a professional environment that protects every patient’s rights.

 

The relationship patients have with healthcare professionals is one that involves openness, honesty, and a deep level of trust. Patients tell their providers things about themselves that few others know, intimate details of their lives and health histories.

And they expect that their privacy will be respected – by their doctors and dentists, staff members, and other providers such as labs, XRAY services, and anyone and everyone involved in their treatment. Patients expect that outsiders will not be able to access their information, and that those who need to know will be able to view only the information that’s necessary for treatment.

 

This way of dealing with health information is more than professional courtesy, it’s a fundamental patient right – the very issue that HIPAA speaks to, ensuring that patients will know when their rights have been violated and can feel confident that the law will be enforced and violations punished.

 

If patient information isn’t protected, the effects can be far-reaching. In the wrong hands, a person’s health information can be used to tarnish his or her reputation or cause financial harm. In some cases, compromised information can even negatively impact care.

 

HIPAA helps keep patient data safe

Modern technology has facilitated the quick dispersal of information among various entities; HIPAA helps keep all that data safe. From installing firewalls in the office’s computer system to training employees in the proper protocols when contacting patients, HIPAA, in essence, is all about safeguarding every patient’s right to privacy, security and respect.

 

Ensuring a patient’s right to privacy is essential to the practice of good healthcare — and a vital part of the covenant between providers and patients. Implementing the mandates of HIPAA plays an important role in building and maintaining patient trust and a thriving practice.

Technical Dr. Inc.'s insight:

Contact Details :
inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com/tdr

more...
No comment yet.