If the term HIPAA causes you confusion, you’re not alone. HIPAA is complex – even for large healthcare organizations. Not all nutrition private practices will be subject to HIPAA requirements, but in order to determine if yours will be, you need to spend some time educating yourself.
This article covers essential terminology and concepts related to HIPAA compliance. Additionally, it contains links to helpful tools and resources.
What is HIPAA?
Let’s break down what exactly HIPAA is so you can understand how to prepare your nutrition private practice. First, HIPAA stands for Health Information Portability and Accountability Act. It is often mistakenly referred to as HIPPA. Perhaps that is a new type of animal, but it has nothing to do with running your nutrition practice. Don’t make the beginner’s mistake: use the correct acronym, HIPAA!
HIPAA is a law that established national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also defines requirements for the privacy and security of protected health information (PHI).
Health care providers (yes, even RDNs), health plans, payers, and other HIPAA-covered entities must comply with this law. The requirements apply to all providers who conduct electronic transactions, not just providers who accept Medicare or Medicaid.
The HIPAA Privacy Rule (and Security Rule)
This rule gives individuals the right to be informed of the privacy practices of their health plans and of most of their health care providers, as well as to be informed of their privacy rights with respect to their protected health information (PHI). Health plans and covered health care providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices.
The Security Rule is a closely related topic, but it specifically addresses safeguards for electronic PHI (ePHI). Because most RDNs use electronic health records or interact with patients through digital media, it is important to understand its requirements.
What is a Covered Entity?
HIPAA applies to health care providers that conduct certain transactions in digital form. If you conduct any of these, you are a “covered entity.” These covered transactions relate to billing insurance and making inquiries with insurance such as statements of benefits.
It is often said that unless you accept insurance, you don’t need to comply with HIPAA. While it is typically true that HIPAA applies only to those performing covered transactions, the code of ethics for Registered Dietitians has explicit language that you should be familiar with and follow. For example: “The dietetics practitioner protects confidential information and makes full disclosure about any limitations on his or her ability to guarantee full confidentiality.”
Notice of Privacy Practices
The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice that provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information and of the privacy practices of health plans and health care providers.
What is a Business Associate?
A business associate is a person or organization, other than a member of a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use or disclosure of individually identifiable health information. Common business associates include electronic health records (practice management tools) and email providers.
What is a Security Risk Assessment?
HIPAA requires that a covered entity conduct a security risk assessment. A risk assessment helps you ensure compliance with HIPAA’s administrative, physical, and technical safeguards. It also helps reveal areas where protected health information (PHI) could be at risk. A convenient tool is available to assist you in completing the assessment. It has been specifically designed for small practices.
HIPAA Compliance for Nutrition Private Practice
It can feel overwhelming to tackle the topic of HIPAA compliance; however, with the right tools and resources, you can feel confident that your practice has the correct elements in place.