I am delighted to share this piece, written by my talented young associate, Erica Youngerman, who specializes in Healthcare Law. I incorporate HIPAA compliance into my Employee Handbooks because with our alphabet soup of statutes, including FMLA (Family Medical Leave Act), ADA (Americans with Disabilities Act), and Title VII on the federal level as well as their state and local concomitants, this subject matter is relevant to every client-----and certainly to the accounting professionals with whom I collaborate.
Acting as a fiduciary on behalf of a client carries with it tremendous weight, especially when tasked with policing activity that may be outside of our understanding and scope. One such beast that plagues many of our physician clients is the Health Insurance Portability and Accountability Act of 1996 (HIPAA), HITECH and other state and federal regulations. Each of us being patients, we are aware of HIPAA and that privacy rights exist, but we may not be clear from a fiduciary standpoint of what our clients’ responsibilities are in regards to HIPAA. From that vantage point, it is important to educate ourselves regarding our clients’ potential risk areas and exposure so that we may effectively educate our clients as well as ourselves and understand our own limitations in representation as well as those resources that are available to assist in client response should a HIPAA issue arise. This article will briefly address potential areas of HIPAA exposure and the suggested fiduciary response.
The recent trend in HIPAA enforcement actions is fining and holding responsible entities with disregard of applicable laws and procedures. Fines will vary across a large spectrum ranging from hundreds to thousands of dollars per violation. Notably, part of the equation in determining fines will be the compliance of the practice. In addition to fines, there may be lawsuits, license ramifications, impact on patient trust as well as other negative consequences that should all motivate a medical practice or corporate entity to operate as compliantly as possible.
It is imperative that your clients be practicing with the proper internal and external compliance policies and procedures. In order to accomplish this, you should avail yourself of numerous professionals with differing areas of expertise who can work together as a team to assist the practice in its proper functioning and compliance. Every professional has a scope of representation in which they are able to provide services to their clients. As a fiduciary, it is a professional’s obligation to recognize and engage other professionals when an issue is outside of that scope.
It is clear that having the proper accountant on board to assist and oversee certain practice activities and structure is essential. Accountants play a vital role in ensuring that the financial aspects of the practice are in order and in compliance. Similarly, having competent healthcare legal counsel is vital, especially with respect to compliance with HIPAA and its many requirements. For example, the maintenance of an up to date Privacy Policy, Security Policy and patient consent prior to release of patient information are just a few of the documents a healthcare attorney should be preparing for a organization to have on file to be operating compliantly. Of note, in the case of a suspected breach of protected health information, it is important to have a Breach Notification Policy on hand to assist the company’s compliance officer and management in determining the practice’s proper response.
Also of great importance, both in your advisory role to a practice and to you personally, is the documentation between medical practices and third parties they work with, such as yourselves. Proper legal agreements should be in place to outline the respective services, responsibilities and liabilities of each party in order to best protect yourselves and your clients. Of significant note is the Business Associate Agreement, which you should have in place with all of your medical practices as well as your subcontractors.
Importantly, if you or your clients do find yourselves at the receiving end of a phone call or office visit from an investigator or regulatory agency, immediately involve competent healthcare counsel to protect yourself, your company and your clients from the outset.
HIPAA compliance is an ongoing commitment from a medical practice that requires the assistance of various experts working together to best serve their clients.
Ms. Youngerman is a senior associate in the healthcare department of Kirschenbaum & Kirschenbaum, P.C. and focuses her practice in representing healthcare professionals in all aspects of their professional practice, from start-up to sale, including general practice and patient issues, compliance, contractual issues, disputes and opportunities. For assistance with evaluating practice compliance or implementing compliance documentation and training, contact Erica at eyoungerman@kirschenbaumesq.com or 516-747-6700 ext 308. More information on Kirschenbaum & Kirschenbaum, P.C. is available at www.kirschenbaumesq.com.
This email is provided for news and information purposes only and does not constitute legal advice or an invitation to an attorney-client relationship. While every effort has been made to ensure the accuracy of the information contained herein, Kirschenbaum & Kirschenbaum PC does not guarantee such accuracy and cannot be held liable for any errors in, any reliance upon this, or losses caused by the information. Under New York's Code of Professional Responsibility, this material may constitute attorney advertising. Prior results do not guarantee a similar outcome.