HIPAA-nomics: Compliance or Certification?

December 3, 2014

The Health Insurance Portability and Accountability Act of 1996, commonly referred to as HIPAA, has mental health providers and agencies all abuzz. Also known as the Kennedy-Kassebaum bill, it is a far-reaching law with the primary purpose of reducing healthcare costs and protecting consumers of healthcare. The bill has been shown to be flexible enough to be easily adapted to changing conditions in how the business of providing healthcare is conducted. Because of this, HIPAA has been successfully applied to an era when so much data is stored and transmitted electronically.

Of the five titles in the act, only Title II, which addresses fraud, administrative simplification, and the privacy and confidentiality of patient information, is of direct concern to mental health providers. HIPAA, with the more recent HITECH Act, places tremendous responsibility for securing and protecting the privacy of clients' Individually Identifiable Health Information (IIHI) upon Covered Entities, that is, health providers, health plans and healthcare clearinghouses. The HITECH Act specifically addresses breaches of electronic Protected Health Information (ePHI). It also makes Business Associates, who have access to that information and provide some service for a Covered Entity, equally accountable to the provisions in HIPAA.

What makes HIPAA particularly worrisome for many is that it has potentially large teeth. Failures and violations can result in large financial penalties and, possibly, time in prison. Who wouldn't be worried?

However, it needs to be kept in mind that HIPAA is not about penalties. Instead, it is about securing and protecting private information. In a way, it encourages you to consider what you would want done with your own private information and then make it so for the IIHI of others that you are responsible for. Simple, really.

While recognizing that one size doesn't fit all, HIPAA and the HITECH Act spell out what needs to be addressed in order to be compliant with the law. Aside from the fact that what is expected is quite reasonable and common sense, it is important to keep in mind that compliance is not a state that is achieved. Instead, compliance is an ongoing process that needs to be maintained.

As the healthcare industry has worked to become HIPAA compliant, “HIPAA certification” has become a new buzz phrase. Inherent in the phrase is the idea that the HIPAA readiness of a Covered Entity or Business Associate can be measured at one point in time and that this measurement can be predictive of the future. However, nothing is further from the truth. HIPAA compliance is an ongoing process, so certification is only relevant for that moment when HIPAA readiness was measured. It says nothing about the next hour, let alone the next day, week, month or year. This essentially makes certification a waste of money. Of course, there are plenty of shady sharks who will take advantage of the fears of health providers and promise to deliver something they can't deliver on... for a fee.

Ultimately, HIPAA compliance boils down to two things. It is about securing personal and private information and it is about economics. By making a reasonable investment of time and resources, you can secure the private information of your clients and avoid fines.

HIPAA certification is about only one thing: economics. If you are a business whose customers demand certification, you need to decide whether paying for certification is an investment worth making in order to avoid the loss of those customers. Having HIPAA certification does nothing to make you compliant and has no impact upon whether you will be fined or not. Really, when it gets down to it, the question you need to ask yourself is whether handing your money over to the certification sharks is good HIPAA-nomics.

MyOutcomes, the web-based application of Partners for Change Outcome Management System (PCOMS), is always engaged in maintaining HIPAA compliance. We are serious about securing your clients' ePHI whenever you use the Session Rating Scale (SRS) and Outcome Rating Scale (ORS) software when working to improve psychological health.

As evidence of our commitment to being vigilant with respect to privacy and security, MyOutcomes has partnered with Compliance Helper, a program that monitors HIPAA compliance on a day-to-day basis. Our customers will be able to view the compliance meter posted on our website to assure themselves of our compliance. In keeping with our dedication to be HIPAA educated, we are also in the process of having one of our team members complete their HIPAA professional certification (CHP). The CHP will continue to ensure that MyOutcomes is always up-to-date with the latest HIPAA privacy and security regulations.
