APA's Practice Organization is helping psychologists get ready for the April 20 Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance deadline through an online primer and step-by-step materials to analyze their readiness.
The rule applies only to protected health information, such as patient records, that is transmitted or maintained in electronic media. It requires psychologists to do a documented "risk analysis" of the their practices' potential security risks and vulnerabilities, says David Nickelson, PsyD, JD, director of technology policy and projects for the Practice Organization. For example, practitioners will need to examine the physical and technical security of their office, computer system, computerized records and the administrative security policies and procedures they have in place and make improvements if their security measures are not up to HIPAA Security Rule requirements.
The rule requires protection of the confidentiality, integrity and availability of electronic patient records and applies when a psychologist--or an entity acting on behalf of the psychologist, such as a billing service--electronically sends health information in such transactions as health-care claims and health-plan premium payments, Nickelson says.
The primer on the rule and how to comply is available at the APAPO Web site. The Practice Organization is also developing compliance materials to assist practitioners with each aspect of the rule, from doing a risk analysis to creating a policies and procedures manual. The Practice Organization expects to offer continuing-education credits for these compliance materials. These HIPAA Security Rule materials are a companion piece to the HIPAA Privacy Rule materials released in 2003.