Prevent problems with privacy regs

Mistakes could prove costly

Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a major area of concern for patient registration areas, according to Nancy Dean, vice president of compliance, privacy and internal audit at NYU Langone Medical Center in New York City.

Staff members must give patients the Notice of Privacy Practices, have them sign the acknowledgement, and then correctly log this information into the registration system, says Dean. They also must inform patients how their information is going to be used, she says.

In addition, says Dean, registration staff members must be able to effectively answer the patients' HIPAA questions. "Staff must ask patients when they are being admitted if they would like to be listed in the facility directory," she says. "They must collect appropriate documentation to ensure they are dealing with the actual patient and not someone who may have stolen the patient's medical identity."

Staff must verify the patient's identity through photo identification, a palm scan, or other methods, to ensure they are addressing the correct patient, says Dean. "Medical identity theft can be more than an insurance or financial issue. It can also jeopardize a patient's care by compromising their medical record," she says. "Ensuring insurance information is accurate and complete is also critical to make sure correct billing takes place."

Avoid complaints

Patients can file complaints with the Office of Civil Rights if they feel that their HIPAA rights were violated, warns Dean.

"Patients that do not understand their HIPAA rights and how their information is used, disclosed, or secured may file a complaint," she adds.

Penalties for HIPAA violations have increased under the Health Information Technology for Economic and Clinical Health Act, now ranging from $100 to $50,000 per violation, and there has been a recent increase in enforcement actions, notes Dean. "The federal government is taking HIPAA very seriously," she says. "So are patients, because they're more frequently hearing about HIPAA breaches and medical identity theft activities in the media."

Dean recommends taking the following steps:

• Develop a checklist for the registration staff, so they are certain to ask all the necessary questions, distribute needed materials, obtain signatures when needed, and verify the patient's identity.

• Re-evaluate processes regularly to make sure they are still appropriate.

• Conduct random audits to ensure staff are following policies and procedures.

• Provide registration staff with training on HIPAA requirements and the organization's policies and procedures.

"A well-trained staff can answer patients' questions, identify any potential issues, and resolve issues quickly," Dean says.