From: www.bodyzone.com

HIPAA Bottom Line: A partial summary of HIPAA 
  
WHO is affected:   Chiropractors, and everyone else in health care is affected.  
If you ever send any patient information electronically, you are a HIPAA Covered 
Entity.  And if not, you still have to keep every patient¼s Protected Health 
Information (PHI) private. 
  
WHAT is HIPAA:  A Federal consumer protection Law giving patient¼s new 
privacy rights, and chiropractors new responsibilities to create and maintain  
"formal documented procedures¾ about patient privacy. 
  
WHERE do changes need to be made?  In your office, and in your office 
procedures. 


HIPAA compliance requires making an honest effort for your office. You have to 
implement „reasonable¾ measures to strongly protect patient privacy. A hospital 
and a solo doctor office will be judged differently.   
  
You start with a record of what needs to change in your office (the „Gap¾ 
analysis) end up with two new office manuals which comply with your state law 
- one HIPAA office policy manual, and one HIPAA office procedure manual to 
protect the privacy of patient files, computers, travel cards and all other records.   
  
Your HIPPA Privacy officer (probably you) will, among other things, obtain and 
implement a: 
  
NOTICE OF PRIVACY PRACTICES telling Patient¼s they have the right to view, 
copy or amend their records; restrict and be informed of disclosures; demand 
alternative communications, and complain to the secretary of Health and 
Human Services. 
  
BUSINESS ASSOCIATE AGREEMENT for anyone who ever has any access to 
any patient records. 
  
MEDICAL RECORDS RELEASE (many old "Authorization to Release Medical 
Records" are HIPAA defective). 
  
PLUS HIPAA compliant Consent forms, restriction of disclosure forms, Patient 
request for amendment to record form, patient complaint form and possibly 
others, 
  
WHEN: By April 14, 2003, you must document that you have evaluated your 
practice, changed what is necessary, and generate a HIPAA Compliance 
Verification Report. 
  
WHY:  BIG $$$ FINES.  $25,000 maximum for any one kind of violation (although 
minor violations are only $100).  $50,000 fine and/or up to one year in jail for 
wrongful disclosure of PHI.  PLUS, there may be additional malpractice 
exposure if your practice is in violation of federal law.