64 MONITOR ON PSYCHOLOGY • OCTOBER 2013
Practice PERSPECTIVE ON
Have you met the deadline?
BY DR. KATHERINE C. NORDAL • EXECUTIVE DIRECTOR FOR PROFESSIONAL PRACTICE
If you electronically transfer protected health information — a broad
More urgently, if you trigger HIPAA and haven’t taken the
category that covers a patient’s contact information, clinical record or
payment history — in connection with insurance claims or other third-party
reimbursement, you’ve likely triggered the need to comply with the Health
Information Portability and Accountability Act (HIPAA). If you haven’t yet
changed your compliance practices and documents to meet the
Sept. 23 deadline for the HIPAA Final Rule, you need to act now.
basic steps to start complying with the HIPAA Privacy Rule
and Security Rule, stricter enforcement and penalties under the
Final Rule make this oversight risky.
Sept. 23 was the deadline for all providers covered by HIPAA,
including psychologists, to comply with the HIPAA Final Rule,
which was released in January 2013 by the U.S. Department of
Health and Human Services (HHS). The Final Rule increases
enforcement and penalties, especially for those who have not
tried to comply, and includes penalties of up to $1.5 million per
year, per HIPAA requirement violated.
Under the Final Rule, HHS will step up HIPAA audits. In
addition, the “breach notice” provisions mean that if your
laptop or smartphone is stolen and has unencrypted protected
health information on it, you will probably have to notify
HHS (and affected patients) of that breach. This could shine a
spotlight on the state of your HIPAA compliance.
I know from personal experience that HIPAA compliance
can be arduous. I was in private practice in 2005 when the
Security Rule went into effect. The APA Practice Organization’s
(APAPO) “HIPAA Security Rule Online Compliance
Workbook” translated the rule’s legalese into the required risk
assessment tailored for a psychological practice. Even so, I spent
a significant amount of time getting into compliance. Despite
the time commitment, I knew that I needed to be in compliance
with the law, and more important, I wanted to be sure to
protect my patients’ information.
APAPO has prepared several resources to help practitioners
understand the changes and come into compliance. Aside from
enforcement and penalties, other important changes in the
Final Rule that affect psychologists concern breach notification,
notice of privacy practices and business associates. APAPO’s The
HIPAA Final Rule: What You Need to Do Now is available free
for APAPO members and to past and future purchasers of the
“HIPAA for Psychologists” compliance product from APAPO.
The HIPAA Final Rule resource updates existing HIPAA Privacy
Rule compliance information and includes updated language
to insert into your HIPAA forms. It is available to APAPO
members and can be found on APAPO’s Practice Central
website at http://bit.ly/hipaafinalrule.
If you’re new to HIPAA compliance and need basic
compliance forms and information, consider starting with
“HIPAA for Psychologists,” a CE course and compliance
product developed by APAPO and the APA Insurance Trust. It is
available on APAPO’s Practice Central website.
The “Privacy Rule Primer,” also from APAPO, has been
updated to explain how Final Rule changes affect Privacy Rule
compliance. The primer provides a refresher for those who started
complying years ago and an introduction for new practitioners
just starting with HIPAA. It covers HIPAA basics such as who
needs to comply with the HIPAA Privacy Rule and the HIPAA
Security Rule, and what types of information are protected. n
HIPAA resources for you
APAPO has created resources and information to help
• The HIPAA Final Rule: What You Need to Do Now.
psychologists comply with the HIPAA Final Rule, Privacy
Rule and Security Rule. All resources are available in the
HIPAA compliance section of APAPO’s Practice Central
website at www.apapracticecentral.org/business/hipaa/
index.aspx. These resources include:
• “HIPAA for Psychologists,” a CE course and online
• The 2013 “Privacy Rule Primer.”
• “HIPPA Security Rule Online Compliance Workbook.”