“If I Accept Insurance, Do I Have to Deal with HIPAA?”
By Barbara Griswold, LMFT
(February 24, 2011)
At my workshops, I have been surprised to find that many therapists avoid getting involved with insurance because they don’t want to deal with HIPAA. But let’s burst this myth right here: Taking insurance does NOT have to mean dealing with HIPPA. But I can also tell you that in my opinion, HIPAA is not a hassle.
But let’s start at the beginning: HIPAA (the Health Insurance Portability and Accountability Act) was passed (in part) because of concerns about the privacy of medical information, especially in light of the increasing use of computers by insurance plans and medical practices. While it is not within the scope of this article to cover all the ins and outs of HIPAA regulations, I want to address a few general FAQs as they relate to taking insurance:
“Do I have to deal with HIPAA?” According to David Jensen, staff attorney at the California Association of Marriage and Family Therapists, you are a “HIPAA covered entity” and MUST deal with HIPAA if you exchange client information with a health plan electronically (via e-mail or Internet), such as if you visit a plan’s website to submit claims, check eligibility/benefits, request authorizations, view Explanations of Benefits, or if you receive/send client info in an e-mail from/to a plan. You also must be HIPAA compliant if a billing service or claims clearinghouse does electronic transactions for you.
“So if I don’t use a computer in this way?” You DO NOT have to deal with HIPAA if you don’t deal at all with insurance claims, or you give invoices to your clients to submit to their plan, or you only submit paper claims by mail or fax and you have no one submit claims electronically on your behalf. I know many therapists who deal with insurance and avoid HIPAA simply by avoiding these electronic transactions.
“What if I use the computer to e-mail clients?” Not the same thing. HIPAA has to do with revealing or exchanging a client’s private health information with a third party (in this case, the insurance plan).
OK, so if I do became a “covered entity,” what would I need to do?” It’s probably easier than you think. Here are a few things you’ll need to do:
- Learn about HIPAA compliance. Attend a course or read a few articles.
- Give all clients (even self-pay) a copy of a HIPAA “Notice of Privacy Policies,” and have them sign a simple Acknowledgement saying they received it. Get a Notice from your professional organization, or from any HIPAA course or manual.
- Follow some common-sense HIPAA security rules. Provide computer security, including virus protection, backup, firewalls, and passwords. There are also some rules about your paper records and fax.
- Get your National Provider Identifier (NPI), which is used by all health plans to identify you. It’s free and easy to get. The NPI does not replace your Tax ID Number (TIN) on claims. Any health provider can get one – applying does not automatically make you a covered entity.
“But do I really have to?” One day all of us will likely be required to deal with HIPAA. As health plans become more electronically dependent, they may one day require electronic submission of ALL claims. And HIPAA and NPIs may become the standard of care – if not legally required – for all providers. But for now, you still have the choice.
[ back to articles ]
Barbara Griswold, LMFT, is the author of Navigating the Insurance Maze: The Therapist’s Complete Guide to Working with Insurance – And Whether You Should. To purchase the book or other resources for therapists, click here. Contact Barbara at firstname.lastname@example.org to get answers to your insurance questions.
Copyright 2008-, Barbara Griswold, LMFT. No part may be reproduced without written permission of the author.