So greetings and thank you for joining me in this blog.  As the Practice Administrator at HSOTC, I am responsible for making sure the office runs without a hitch and our files (client and internal documents) meet compliance standards.  This is to say that everything reflects thorough and accurate documentation within the organization.  Compliance means that your business and its records are meeting rules and standards.  These rules and standards are typically established by agencies that fall into one of four regulatory and/or funding sources:  federal, state, local or private.

Can you think of one agency that you are responsible to regarding compliance?

There are multiple answers that I will share, but I will tell you as an organization that specializes in mental health, the first agency that comes to mind is the Department of Health and Human Services.  More specifically HIPAA.  For the remainder of this blog, I’ll share with you some information on HIPAA.

HIPAA stands for Health Insurance Portability and Accountability Act.  This was enacted in 1996 by Congress.  Many of the issues surrounding the development of this act involved the insurance industry and management of records as health care started moving in to the electronic era.  However, as it was written it included health plans, health care clearing houses and health care providers.  Key phrase for us here is health care providers.

The main ways of being in compliance with HIPAA are insuring the privacy, confidentiality and security of client records.  Every client you see for therapy must be given a privacy and confidentiality notice for your practice.  There are two parts to this.  One is the privacy and confidentiality notice that the client keeps, and the second part is a form that the client must sign stating that he/she received this notice.  Once signed it must be placed in the client’s chart.

Regarding security of records, records should be secured in a lockable fireproof cabinet followed by two more layers of security.  Basically this means there must be three levels of security in place.  The first could be the front door of your business (I’m assuming you lock your business every day), the second could be a locked office door where the locked filing cabinet resides.  Again…three levels of security.  Do not leave records out on a desk if no one is around.

The other way to insure compliance is to make sure all communication is protected.  This includes insuring that the platform by which you communicate is secure:  phones, computers, e-mails, etc.  Office phones should not be wireless, e-mails should only use client initials (no use of SS#, DOB, or full names).  Noise in the office and the chance of hearing private dialogue should be managed with “white noise”.  Finally, when using cell phones, as with wireless phones, don't disclose client names or any identifiable information.

For more HIPAA info please visit www.hhs.gov/ocr/hippa.

I look forward to the upcoming discussion and having you think more about compliance.  Here is a list of other agencies that you may be responsible to where compliance is concerned:

Regards!

Lisa Wheeler, MS Ed, PA-C
Practice Administrator
Horse Sense of the Carolinas, Inc.