Risk Management

New Coverage for HIPAA Proceedings

By Kimberly Wittchow, JD

Digest, Fall 2001

On January 1, 2002, OMIC will add patient privacy regulatory proceedings coverage to its fraud and abuse insurance program. This is because, hot on the heels of the government’s Medicare/Medicaid fraud and abuse initiative, another potential regulatory nightmare for ophthalmologists looms. The Health Insurance Portability and Accountability Act (HIPAA), one of the federal laws invoked in anti-fraud cases, contains new patient information privacy regulations enforceable beginning April 2003. This complex set of rules sets stringent standards for maintaining the privacy of individually identifiable health information.

Clarifications and guidelines already have been published to further elucidate the HIPAA statutes, with more to follow as health care providers try to make sense of HIPAA in relation to state privacy laws and their current practices. Simply stated, the law provides that a health care provider may not use or disclose protected health care information (PHI) except as required or permitted. Health care providers will need to provide patients with new blanket consent and specific authorization forms for the use of patient PHI. Ophthalmologists and anyone they share PHI with (such as companies providing accounting, billing, accreditation, or legal services) must enter into business associate agreements stating they will take appropriate safeguards in the transmission and use of PHI. When PHI is disclosed, providers may be require to de-identify the PHI or make reasonable efforts to disclose only the minimum information necessary to accomplish the intended purpose.

Under the new regulations, patients will have many affirmative rights that providers must facilitate. For example, patients can request restrictions on the use of their PHI; inspect, copy, and amend their PHI; and request an accounting of disclosures that providers have made of their PHI. In addition, health care providers must comply with certain administrative requirements, including: documenting their policies and procedures; appointing a privacy official; implementing privacy training; and creating administrative, technical, and physical safeguards to protect PHI.

HHS Encourage Cooperation
While much of this seems daunting, the U.S. Health & Human Services Department is encouraging cooperation and assistance to help providers achieve compliance – unlike the witch-hunt tactics of anti-fraud forces. Further, when assessing a practice’s reasonable compliance, the government will take into consideration a provider’s size and type of activities related to PHI. Punitive enforcement, at this point, is not a priority. However, civil fines, lawsuits, criminal fines, and imprisonment are tools the government can imply if it chooses to aggressively ferret out non-compliers.

What does this mean to OMIC insureds? First, it is essential that ophthalmologists understand the law and how it applies to their practice. Second, they must discern what steps to take to be compliant come spring 2003. Third, practitioners need to implement a protocol and then follow through on prescribed compliance procedures. Fourth, ophthalmologists should ensure that, as part of their insurance package, they are covered in the event the government targets their practice for violation of HIPAA regulations.

In light of the quickly approaching April 2003 deadline, OMIC is taking measures to protect and educate insureds. Risk management seminars will cover HIPAA privacy rules, and in early 2002, OMIC will make a HIPAA compliance program planning tool available to help insureds further understand the law and implement protocols to protect patient health care information.

Coverage for HIPAA Proceedings
Also in 2002, OMIC is expanding its fraud and abuse insurance program to cover HIPAA proceedings. OMIC’s Fraud & Abuse/HIPAA Privacy insurance will cover legal expenses civil proceedings instituted against the insured by a government entity alleging violations of HIPAA privacy regulations. OMIC’sComprehensive Fraud & Abuse/HIPAA Privacy insurance will cover legal expenses for proceedings instituted by a government entity alleging HIPAA privacy violations and resulting in administrative fines and penalties.

This HIPAA privacy coverage is in addition to both policies’ coverage of billing errors proceedings instituted by a government entity, third party payor, or qui tam (whistleblower) plaintiff under the False Claims Act. OMIC will provide a Fraud & Abuse/HIPAA Privacy policy free to its professional liability insureds $25,000 limits ($50,000 effective Jan 1, 2011). Higher limits to $100,000 are available for additional premium. OMIC offers American Academy of Ophthalmology members who are not OMIC professional liability insureds the opportunity to purchase this legal expense coverage as well. OMIC insureds and other Academy members also are eligible to purchase the Comprehensive Fraud & Abuse/HIPAA Privacy policy with limits ranging from $250,000 to $1,000,000. A $1,000 deductible applies to both policies.

For further information regarding OMIC’s new Fraud & Abuse/HIPAA Privacy program, please call the Sales Department at (800) 562-6642, ext. 654.

Please refer to OMIC's Copyright and Disclaimer regarding the contents on this website

Leave a comment

Six reasons OMIC is the best choice for ophthalmologists in America.

#4. Largest insurer in the U.S.

OMIC is the largest insurer of ophthalmologists in the United States and we've been the only physician-owned carrier to continuously offer coverage in all states since 1987 (pending in WI). Our fully portable policy can be taken with you wherever you practice. Should you move to a new state or territory, you're covered without the cost or headache of applying for new coverage.