California Physician

HIPAA FAQ

Q: How do I know if I’m covered by HIPAA?
A: The Health Insurance Portability and Accountability Act (HIPAA) applies only to health care providers who use electronic means—such as Internet, extranet, virtual private network, and dial-up—to perform designated transactions. Those include filing claims, determining eligibility, receiving payment, checking claim status, and seeking referral authorization. It also applies to those whose billing service or clearing-house engages in such electronic transactions on their behalf.

Q: Am I covered by HIPAA if I e-mail information on a patient to another doctor?
A: Merely transmitting health information electronically does not subject you to HIPAA regulations. You must engage in one of the designated transactions. However, you are still obligated by state law to protect such information, and you must be sure your means of transmission is reasonably safe.

Q: Can I opt out of HIPAA by not engaging in electronic transactions?
A: Yes. If you choose not to engage in electronic transactions and do not to use a billing service or clearinghouse that does so, you will not be required to comply with HIPAA’s privacy and security rules. Though this may save you some time and trouble in the short term, it may also mean that the payment of your claims will be delayed until well after all electronic claims are paid. CMA leaders believe that all physician practices will benefit from the efficiency and savings of electronic transactions. Read about these benefits in ON CALL document #1600 (available free to members at http://www.cmanet.org/logon). Nonmembers can purchase the document at the CMA Bookstore for $66.

In a separate rule, Congress decided that practices with 10 or more FTEs (full time equivalents), including physicians, must file Medicare claims electronically after October 16, 2003. Complying with this obligation will subject you to HIPAA. This rule applies only to Medicare.

Q: Might the government eventually require all physicians to file claims electronically?
A: It is possible that health plans, not the government, will require participating providers to file electronically. The only government requirement at present is the one for Medicare discussed above.

Q: Does filing a compliance plan automatically mean I have to comply with HIPAA?
A: According to the U.S. Department of Health and Human Services, filing the compliance plan (due no later than October 15, 2002) will not subject you to HIPAA if your practice activities do not come within the statute’s requirements. If you are now using electronic means or plan to do so before October 2003, CMA recommends that you file the compliance plan now to avoid any risk of Medicare exclusion for failure to comply with HIPAA’s transaction rule.

Q: If I file the plan, do I get to delay compliance with the privacy rule?
A: No. The privacy rule becomes effective April 14, 2003 for all covered by HIPAA.

See http://www.calphys.org for more HIPAA information.