HIPAA Friendly Help
Simple ways for psychotherapists in private practice
to comply with HIPAA regulations
By Ofer Zur, Ph.D.
My goal is to help psychologists, counselors, MFTs, social workers, psychiatrists and other psychotherapists in private practice to become familiar and compliant with HIPAA regulations.
- HIPAA Made Friendly online course that gives you the entire HIPAA Compliance Kit and HIPAA Forms and another online course on HIPAA and Technology issues.
- Review or purchase HIPAA Compliance Kit and Forms.
- Billing resources and recommendations
- Most recent updates
Yes! As most experts advocate, if you are in solo psychotherapy private practice, you still need to become compliant even if you do not submit electronic bills.
Beware! HIPAA regulations regarding security and privacy of electronic-digital records have become the standard of care that all therapists must follow.
Don’t take the chance of being caught non-compliant. The penalties can be very severe.
Avoid being overwhelmed and immobilized by fear. HIPAA will not disappear if you put your head in the sand.
Inform yourself about the minimum you need to do.
Realize that every year the number of grievances, complaints, investigations and fines regarding HIPAA violations and non-compliance increases.
Find ways to continue getting insurance company reimbursements if you do not bill electronically or even own a computer.
If you missed the 2003, 2005, 2007 (NPI) and 2013 deadlines, do not wait any longer; become compliant ASAP.
Take the necessary, simple and relatively easy actions to comply.
It is manageable & I’ll help you achieve compliance through:
I am committed to assisting therapists like you with:
- Understanding HIPAA’s basic facts and requirements.
- The simple step-by-step process towards HIPAA compliance.
- A down-to-earth, calm approach to compliance.
- Acquiring the actual resources for procedures, checklists, ready-to-use forms, outlines, etc. You will be able to personalize these user-friendly forms and checklists and apply them in your practice right away.
- Continuing to be reimbursed by insurance companies who are likely to ONLY accept electronic claims in the near future.
HIPAA 101: The Basics
Dr. Zur’s Eight Reasons For ALL Therapists To Become Compliant
- HIPAA has become the standard of care in regard to storage and transmission of electronic-digital records. Generally, it applies to all therapists regardless of their billing practices.
- HIPAA will be determined by case law. This reason alone suggests that all therapists comply ASAP, thus eliminating the need to face it in court.
- Unpredictable emergencies or future events might happen where you will have to submit PHI electronically and need to be instantly compliant, e.g., suicidal clients or a new insurance company that bills electronically.
- HIPAA can be triggered unexpectedly by actions outside of your control or even your knowledge, e.g., your billing company changes to electronic billing.
- HIPAA is not only about electronic transmission; it is also about privacy, security and the therapist’s entire operation. HIPAA also concerns privacy and security of file cabinets, computers, etc.
- Many states have amended their state laws to be aligned with HIPAA laws. As a result HIPAA has, generally, become the standard of care regarding the privacy and security of electronic-digital records.
- The entire field will become electronically dependent and HIPAA compliant. Most likely, in the future the only way to be reimbursed by any third party will be by electronic billing.
- The risks and potential penalties for non-compliance are great. Fines and charges for non-compliant therapists can be severe and damaging.
Eleven Simple Steps Towards Compliance
Following is a non-exhaustive list of some of the most basic steps that you can take towards compliance:
- Gain general knowledge of HIPAA regulations. There is no need to wrestle with the incomprehensible original regulations or lengthy manuals that are written in legalese. Just attend a course or review a simple (and relatively inexpensive) compliance manual.
- Create a HIPAA Check List, designate yourself as the “Privacy Officer” and create a general HIPAA file for the checklist, i.e., HIPAA forms, logs, documentation of compliance activities, etc.
- Implement a few new HIPAA forms, such as the Notice of Privacy Practices, Authorizations, Disclosure Logs and/or Request to Amend Health Information, Risk Analysis, Risk Management, Security Policies and Procedures manual, etc. Make sure, following your state preemption analysis, that you adapt the forms to your state and professional requirements.
- Secure records by locking and securing file cabinets and offices. Monitor who has access to them.
- Provide basic (need not be expensive) computer security, such as virus protection, firewalls, backup, passwords (changed regularly), encryption, log out, access log, and who has access to records. Our HIPAA and Technology course can help you learn how to do this.
- Keep answering machines, fax machines and computer screens confidential and away from unauthorized people.
- Consider the option (this is not a requirement) of keeping separate and more protected clinical notes for some clients, called “Psychotherapy Notes” or what used to be called “Progress Notes”.
- Post public notices regarding the Privacy Officer and the Notice of Privacy Practices in the waiting room and, when appropriate, on your website.
- Obtain, if relevant, from your “Business Associates” (e.g., clearinghouses, answering services) a HIPAA Business Associate contract.
- Train your employees or staff (if you have any) in HIPAA compliance. Document the training and re-training as necessary.
- Make sure you are not shut out of insurance reimbursement when they stop accepting paper claims. Following are two basic options: 1) For the low-tech therapist, fax or mail your paper invoices to a billing service which, with the help of a clearinghouse, will transmit your bills electronically to the insurance companies; 2) For the high-tech therapist, a more complex option is for you to install a basic billing program, such as Medisoft, and either submit your claims to a clearinghouse or, if you like the challenge, submit them directly yourself.
Additional Online Resources (some of these sites may be “members only”):
Due to the large number of inquiries I receive regarding HIPAA, I decided to create this informational HIPAA Compliance web page and seminars. Please do NOT send me emails or call with questions regarding HIPAA regulations. I will not be able to answer individual questions or personal inquiries, but will be happy to set up an individual or group consultation, in person or by phone. Check this page for updates.
This page, like the HIPAA Kit and seminars, does NOT intend to be a substitute for legal, ethical or clinical advice or consultation. State laws may supersede HIPAA regulations and you have to check with the laws and regulations of your state. This page expresses Dr. O. Zur’s opinion and understanding of the regulations and does not claim to give definitive or comprehensive answers or the ‘right’ interpretation to many of the complex and often ambiguous questions which are brought up by the new HIPAA regulations. Many regulations may still be changing and the material may not reflect such changes. Contact your professional association, your malpractice insurance, attorney, boards and other state agencies or the federal government for more information.