Eye On Managed Care
Protect Yourself on HIPAA Issues
Some third-party payers might overreact as they amend their provider agreements.

BY GIL WEBER, MBA, CONSULTING EDITOR, DAVIE, FLA.

The third-party payers with whom you're now contracted will soon be amending their provider agreements to address new requirements imposed by HIPAA (the Health Insurance Portabil-ity and Accountability Act). But some of the changes they make may be inappropriate for your practice -- and may even be out of step with the intention and wording of HIPAA. You need to be alert so you can avoid signing any contract amendment that misdirects you or results in unnecessary expense.

PITFALLS TO AVOID

Be on the lookout for amendments that require you to:

Dedicate more resources to HIPAA compliance than you realistically (and legally) need. The authors of HIPAA acknowledge that size does matter, so HIPAA regulations and degree of detail apply differently to various organizations. You shouldn't have to meet unnecessarily high standards.

For example, a hospital system or HMO likely will need a full-time person implementing and supervising patient privacy matters. However, your solo or small group practice probably needs only a staff person managing this part-time. Be wary of a provider agreement or amendment that misapplies HMO or hospital-level HIPAA requirements to your practice. That's overkill.

Release confidential patient records on demand, without a patient's signed authorization. As you probably know, you're required to have a signed records release before disclosing protected health information (PHI) for treatment or payment purposes, or for a plan's internal operations. But an insurance company may request patient records for other purposes, such as when attempting to seek recovery from another insurer.

Release of information for such purposes isn't covered under the standard release authorization; it requires a separate, signed release from the patient specifically for that purpose, which the payer should be responsible for obtaining.

Provide any and all data demanded by the payer. Plans are entitled to certain information in order to conduct business -- for example, to pay claims or perform a quality assurance audit -- but they're not entitled to more information than is reasonably required for that specific purpose. For example, if you're asked to submit data justifying a claim coded at a certain level, the payer is only entitled to the minimum amount of information it needs to make that decision.

If the new language says you must provide all data requested, you may find yourself caught between a rock and a hard place. If you provide the additional data, you violate HIPAA; if you don't provide the data, you're in breach of the amended provider agreement.

Release any information the patient requests. Watch out for wording (existing or amended) that mandates release of any and all information to the patient at no charge.

HIPAA regulations mandate that, upon demand, you must give your patient a free report detailing to whom you've released PHI. However, you're only required to provide each patient with one free report in a year. If a patient requests any additional reports, you're allowed to charge a "reasonable, cost-based" fee for each (as long as you follow rules mandating prior, written disclosure of such a fee).

You don't want to sign anything that obligates you to provide more than HIPAA specifies, especially for free.

BE ALERT AND GET HELP

Now more than ever, review provider agreements and amendments carefully. If language is out of step with the new HIPAA requirements, get it amended -- soon! (Always seek the help of experienced advisers and legal counsel.)

HIPAA compliance will be painful and costly. But "over-compliance" could be even more so.

Gil Weber, Ophthalmology Management's consulting editor, is a nationally recognized author, lecturer and practice management consultant to practitioners and the managed care and ophthalmic industries. He's served as director of managed care for the American Academy of Ophthalmology. You can reach him at (954) 915-6771, gil@gilweber.com  or www.gilweber.com.