All medical and healthcare offices are required to follow HIPAA rules and regulations. However, many wonder whether acupuncturists also need to be HIPAA compliant. The answer isn’t always easy to find, and there’s a lot of “gray” area when it comes to HIPAA and acupuncturists. Some legal advisors say they should, while others suggest they need to only if the acupuncture clinic falls into one of the categories that are required to be HIPAA compliant. HIPAA regulates electronic data exchange of health care information. It’s intended to protect the privacy of patient information that’s transmitted by electronic media or in any other medium (whether electronic or hard copy).
Some acupuncturists believe they don’t need to be HIPAA compliant because they don’t bill insurance companies for reimbursement or send out electronic bills (just two of the things required for HIPAA). If this is your situation, then the transaction code set section of HIPAA doesn’t apply to you. BUT, that’s only one of the sections in HIPAA regulations. There are three more that go into detail on background, security and privacy – which can apply to acupuncturists. Just because there’s no electronic billing involved doesn’t mean that your patients shouldn’t have their private information protected and secured.
There are literally hundreds of pages of HIPAA rules and regulations to read, and many do apply to acupuncturists. Patients should still be given a Notice of Privacy Policies in writing, and you must still keep personally identifiable healthcare information private. If you’re still unsure whether you should be HIPAA compliant, you might want to just follow the rules and regulations to be on the safe side. This simply means going through the process as any other health care provider or office would. Have each new patient sign a “Notice of Privacy Policies” form, present them with a separate form indicating they’ve received that Privacy Policies form, and have them sign a form of consent for treatment, payment and healthcare operations. They must also sign a form to authorize any and all releases of their private health information. Document and maintain a compliance manual. Place confidentiality notices on all e-mails and faxes, and comply with security regulations for electronic devices.