COVID-19 UPDATE: We are fully operational and serving providers through this uncertain time. Please contact us to learn about FREE Telemedicine options for your practice. Dial: 888-394-7815.

HIPAA Compliance – Common Myths

HIPAA Compliance – Common Myths

With regard to compliance for license renewal, most physicians know little about the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its privacy and security rules. But the present-day risks of ignoring your legal obligation to implement and administer an up-to-date compliance program are severe.

Protecting a physician’s profession is a daunting task, given that it has become a target this year. With that in mind, understand that you can

  • Fall victim to the new $50,000 minimum fine (up to $250,000)
  • Potentially lose your license
  • Face criminal charges with the recent involvement of the Department of Justice (DOJ) in the newest round of audits and enforcement

Myths are usually born of ignorance, denial, or intentional and willful neglect.

HIPAA and Medicare officials have decided physicians have been ignoring compliance for too long, therefore deficiencies in compliance are likely to be considered “willful” in many cases. This is where the DOJ comes in to enforce criminal prosecution relative to audit findings.

There are other penalties as well. So, be wary of the myths and outdated material surrounding HIPAA and Medicare compliance. If you have been putting your head in the sand and think it could never happen to you, you need to make up for lost time.

One of the most dangerous myths concerns electronic health record (EHR) software.

MYTH #1:

“I am OK with HIPAA compliance because my new certified EHR covers that

This is false.

There are security laws and privacy laws. Many of these address the safety of stored and transmitted data. But technology protection is only a small part of HIPAA compliance and Medicare requirements come into the picture.

Remember, the Office of Inspector General (OIG) also enforces Medicare compliance. When one area attracts their attention it can lead to investigations in the other. And with Medicare, you can potentially face fines, prosecution for fraud, be forced to return money to the government, and much more.

MYTH #2:

“Compliance is accomplished as long as you have some kind of release form to be signed prior to releasing patient records and you don’t leave patient information (like patient charts) laying around.”

In fact, there are eight required release forms you must have in your compliance manual.

This means it takes eight forms to fulfill the requirements of one chapter of your compliance manual and there are about a dozen critical chapters you need to have in your manual — each with requirements you must meet. Most practices fall way short and are heavily exposed.


“They are just saber rattling. They won’t really do anything.”

Don’t bet your future on that. The government has opened hundreds of new offices to house auditors, enlisted auditors from the major insurance companies, and contracted with outside agencies for even more enforcement potential.

As recently as May 2, 2012, compliance task forces seized documents and filed charges against 107 suspects and suspended payments to 52 providers in one day.


“If we just do a good job of protecting patient information we will be OK.”

Unfortunately the attitude of officials is usually: “If it was not documented, dated, and signed, it was not done.” It doesn’t matter how many of your staff testify that a safeguard is standard operating procedure.

You need a HIPAA manual, with the correct index tabs, correct forms, and documentation of improvements you are making to your required ABN, clinical files, and claims denial audits, along with staff trainings, forms updates, compliance officer training, and more.

The Solutions

Get help: It is almost impossible to be 100-percent compliant, so you must do all you can. Due to the complexity and constant changes in HIPAA requirements, professional assistance is strongly recommended. The reason for the law in the first place was to have healthcare professionals police themselves. Any documentation of your efforts to achieve compliance will help immeasurably in an audit

Quest National Services is offering an affordable, comprehensive, Turnkey HIPAA Compliance Solution complete with:

  • 8 Step DVD training with savable PDF Documents
  • 8 Step Paper Binder for Training
  • Complete HIPAA Training Videos based on OCR, CMS AND
  • FULL telephone and email support for one year that is
    renewable to get you compliant for years to come.