Joined at the HIPAA: HHS and OCR Get Serious with Phase 2

Jul 1, 2016 | State Associations

Dr. R. A. Foxworth, FICC, MCS-P

It’s no secret that when it comes to HIPAA compliance, chiropractors are vulnerable. You know it. I know it. Some doctors know it, or at least suspect it. And the Office of Inspector General (OIG), the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) certainly know it, which is why HHS and the OCR launched Phase 2 of their HIPAA Audit Program this past spring.

Where are chiropractors falling short? Phase 2 gives us a clue. The pre-audit questionnaire is packed with questions about how practices handle PHI, including requests for information, data storage, encryption, firewalls, privacy notices, and cloud or other back-up. Notable among these items is a sharp focus on Business Associate Agreements (BAA). From consultants and accountants to software vendors, anyone who sees or could see PHI must sign a Business Associate Agreement and those agreements must be kept up-to-date. There are estimates that as many as 250,000 patients have been affected by breaches involving business associates. The OCR considers this a high-priority issue.

One thing to warn your members about right away is that the OCR considers its emails sufficient notice, whether they are actually read or even end up in the recipient’s junk folder. If the doctor in question doesn’t respond, the OCR will simply find contact information from public sources and proceed right ahead with the pre-audit questionnaire. It’s vital that your member doctors watch their emails, including their spam folders, very carefully. A sample email can be viewed here.

These Phase 2 audits are designed primarily to collect data. But if the resulting audit report catches a practice in a state of HIPAA non-compliance, a compliance review investigation will be launched. Depending on the outcome, HIPAA violation penalties can range from $100 to $1.5 million, and criminal charges are possible. This is serious business.

ChiroHealthUSA offers your members not only a compliant way to offer patients affordable care but also valuable information, support, and training on compliance, how to prepare for an audit, and a host of other issues critical to today’s chiropractic practice. It costs you nothing to offer ChiroHealthUSA to your patients. They pay only $49 per year and that covers the patients as well as members of their immediate families. It also offers your members a compliant way to offer any and all of their patients a capped, discounted fee based on the practice’s actual fee schedule.

Help your members stay one step ahead of the HIPAA Phase 2 audits by directing them to take advantage of our free compliance webinars, including “HIPAA Wars,” a great primer on preparing for the impending audits.