I have read this notice, show report. Close this notice

A. M. Best Limited License Notice

The Best's Rating Report(s) reproduced on this site appear under license from A.M. Best and do not constitute, either expressly or implied, an endorsement of (Licensee)'s products or services. A.M. Best is not responsible for transcription errors made in presenting Best's Rating Reports. Best’s Rating Reports are copyright© A.M. Best Company and may not be reproduced or distributed without the express written permission of A.M. Best Company. Visitors to this web site are authorized to print a single copy of the Best’s Rating Report(s) displayed here for their own personal use. Any other printing, copying or distribution is strictly prohibited.

Best's Ratings are under continuous review and subject to change and/or affirmation. To confirm the current rating, please visit the A.M. Best web site, www.ambest.com.

Section-specific photo Section-specific graphic


Risk Management
  • Seminars and CD Recordings
  • Online Risk Management Courses
  • Informed Consent Documents
  • Medical Office and Patient      Safety/Communication      Documentation
  • Forms and Documents in Spanish
  • Subspecialty Specific Information &      Documentation
  • OMIC Publication Archives
  • Risk Management Recommendations


    • Claims
  • Claims Statistics
  • Deposition Handbook
  • Litigation Handbook
  • Closed Claim Studies
  • Frequently Asked Questions
  • Litigation Stress Resource



    •  

    OMIC Publication Archives
     

    Practical Application of HIPAA Privacy Rules
     

    By Kimberly Wittchow, JD
    OMIC Member Services & Product Sales Assistant Manager
     

    [Digest, Winter, 2003]


    The April 14, 2003 deadline to comply with the HIPAA Privacy Rules is fast approaching. OMIC enumerated the many components of compliance in its Guide to Implementation of the HIPAA Privacy Standards sent to insureds in November 2002. OMIC has since fielded many questions from insureds about the practical application of the Privacy Rules to their practices. The following are a sample of questions we continue to address.

    Q Can I avoid being a Covered Entity under HIPAA if I contract with a billing service to transmit all electronic claims submitted on my behalf?
    A No. Submitting even one electronic claim after April 14, 2003, whether directly or through a contracted service, will trigger application of the Privacy Standards to you.

    Q Do I have to comply with HIPAA if I am a physician in a small, rural practice?
    A Your practice size and location generally do not affect your status under HIPAA. However, you are not a Covered Entity if you maintain either paper or electronic files but do not transmit PHI electronically and have not volunteered to be a Covered Entity by contract or certification. You should be aware though that as of October 16, 2003, Medicare will require practices with 10 or more employees to file claims electronically.

    Q Can I post a one page summary of my Notice of Privacy Practices in my office?
    A Yes. But in addition, you must post your entire Notice in a clear and prominent location in your office and make it available on your web site. If you make changes, you must post the amended Notice in your office and on your web site, but you do not need to redistribute it to your patients unless they ask for a copy.

    Q Can my office staff contact patients before we give them our Notice of Privacy Practices?
    A Yes. You must provide the Notice to each patient no later than the date of first service delivery or as soon as practicable in emergencies. Where you contact the patient by telephone to schedule an appointment or collect information in anticipation of a procedure, you can wait to provide the Notice until the patient comes into your office. When you do provide the Notice, you must make a good faith effort to obtain the individual's written acknowledgment of receipt of the Notice or document your efforts to obtain the acknowledgment and the reason it was not obtained.

    Q Can I ask patients to sign a blanket HIPAA Authorization form for any use or disclosure of their PHI?
    A No. A HIPAA Authorization is required for certain specific, non-routine uses or disclosures of PHI. Its required use is best defined by the exceptions. You do not need Authorization to disclose PHI to the subject of the PHI, the Department of Health and Human Services, or to people in the patient's "circle of care." You also do not need Authorization to use or disclose PHI for payment, treatment, health care operations, as required by law, or for many public health-related activities. In most other situations, Authorization is required. For example, you need Authorization to disclose PHI if you want to sell cataract/IOL outcome data that includes patient identifiable information to IOL manufacturers. You also need Authorization to disclose PHI if the patient is applying for disability insurance and the insurer requests the patient's medical record to make an underwriting decision.

    Q Do I have to enter into Business Associate Agreements with janitorial or other service providers?
    A No. Your Business Associates are persons or entities that perform certain functions or activities on your behalf or provide services to you that involve the use or disclosure of PHI. Certain service providers, such as janitors, electricians, and couriers of information, are not Business Associates because their services do not involve the use or disclosure of PHI.

    Q Are my patients' health plan insurers my Business Associates?
    A No. When you submit a claim for payment to a health plan and it assesses and pays the claim, you are each acting on your own behalf as Covered Entities and not as Business Associates of one another.

    Q How do I find out if my state privacy laws are stricter than HIPAA's?
    A Your state ophthalmic or medical society may have undertaken such an analysis for its members. You also may want to engage legal counsel to advise you on your specific responsibilities under both state and federal privacy laws.

    The primary resource for this article was the OCR Guidance Explaining Significant Aspects of the Privacy Rule - Dec. 4, 2002.


    Back to Top|Home|Copyright, Disclaimer & Privacy Statement
    © 2006 - 2011 Ophthalmic Mutual Insurance Company, A Risk Retention Group