Introduction:
Even though we would like to think it is not the case, there may still be some speech-language pathologists who are unfamiliar with, or unaware of, Public Law 104-191 - the Health Insurance Portability and Accountability Act of 1996, or HIPAA. This law is an expansion of the original Kennedy-Kassebaum legislation that was enacted to improve the portability and continuity of health insurance coverage for working Americans.
In its current form HIPAA has two main provisions: (1) that individuals are able to have continuing access to health insurance (portability) and (2) that standardized methods and procedures must be implemented by all health care providers and entities to insure the privacy and security of a patient's personal health information (accountability). It is this latter portion of the law that can have a significant impact on the business practices of all health care providers (e.g., speech-language pathologists, physicians, dentists, hearing healthcare practitioners, etc.) and health care entities (e.g., health plans, hospitals, billing services, insurance companies, etc.).
Do speech-language pathologists need to be compliant?
The unequivocal answer to this question is YES! Although there may be some speech-language pathologists who are under the impression that they are exempt from HIPAA because they do not conduct certain electronic health information transactions, the fact is -- they must still be compliant with HIPAA's privacy and security regulations (Title II of the Act). HIPAA's privacy rules provide individuals receiving treatment for speech disorders with safeguards to ensure their personal health information is adequately protected, and appropriately used to provide quality patient care. HIPAA's security regulations address the practitioner's specific efforts to protect the integrity of the personal health information acquired, and provide methods and procedures to prevent unauthorized breaches of privacy.
The need to comply with HIPAA comes at a time when personal identity theft ranks as the most common form of consumer fraud. Speech-language pathologists must be particularly sensitive to protecting the confidentiality of patient information, as each practitioner collects a significant amount of individually identifiable health information on each of their patients. Prior to the passage of HIPAA, there were no federal standards to ensure the confidentiality of patient health information. And, although each state may have some regulations concerning the privacy of personal records, few are comprehensive in scope and many provide little or no legal protection for the unauthorized use of health information. In some states, the laws protecting video rental lists are far more rigorous than those dealing with patient information. Compounding this situation is the fact that many state privacy laws were written years, if not decades ago, and have fallen ''behind the times,'' making it unclear as to who in the contemporary health care system has the responsibility for maintaining the confidentiality of health information.