Are You Prepared for HIPAA Compliance?

Paul Popp, PhD, BC-HIS, MCAP, Beth Lane
February 17, 2003


Even though we would like to think it is not the case, there may still be some hearing healthcare practitioners who are unfamiliar with, or unaware of, Public Law 104-191 - the Health Insurance Portability and Accountability Act of 1996, or HIPAA. This law is an expansion of the original Kennedy-Kassebaum legislation that was enacted to improve the portability and continuity of health insurance coverage for working Americans.

In its current form, HIPAA has two main provisions: (1) that individuals are able to have continuing access to health insurance (portability) and (2) that standardized methods and procedures must be implemented by all health care providers and entities to ensure the privacy and security of a patient's personal health information (accountability). It is this latter portion of the law that can have a significant impact on the business practices of all health care providers (e.g., hearing healthcare practitioners, physicians, dentists, druggists, etc.) and health care entities (e.g., health plans, hospitals, billing services, insurance companies, etc.).

Do hearing healthcare practitioners need to be compliant?

The unequivocal answer to this question is YES! Although there may be some hearing healthcare practitioners who are under the impression that they are exempt from HIPAA because they do not conduct certain electronic health information transactions, the fact is -- they must still be compliant with HIPAA's privacy and security regulations (Title II of the Act). HIPAA's privacy rules provide individuals receiving treatment for hearing loss (and/or other disorders that fall within the practitioner's scope of practice) with safeguards to ensure their personal health information is adequately protected, and appropriately used to provide quality patient care. HIPAA's security regulations address the practitioner's specific efforts to protect the integrity of the personal health information acquired, and provide methods and procedures to prevent unauthorized breaches of privacy.

The need to comply with HIPAA comes at a time when personal identity theft ranks as the most common form of consumer fraud. Hearing healthcare practitioners must be particularly sensitive to protecting the confidentiality of patient information, as each practitioner collects a significant amount of individually identifiable health information on each of their patients. Prior to the passage of HIPAA, there were no federal standards to ensure the confidentiality of patient health information. And, although each state may have some regulations concerning the privacy of personal records, few are comprehensive in scope and many provide little or no legal protection for the unauthorized use of health information. In some states, the laws protecting video rental lists are far more rigorous than those dealing with patient information. Compounding this situation is the fact that many state privacy laws were written years, if not decades ago, and have fallen "behind the times," making it unclear as to who in the contemporary health care system has the responsibility for maintaining the confidentiality of health information.

Are you prepared for HIPAA compliance?

Since HIPAA's passage by Congress, literally thousands of questions have surfaced regarding what is necessary to comply with its numerous provisions. Because we couldn't possibly list all of the questions and responses, your answers to the following ten questions can help determine whether or not you are prepared to meet HIPAA's privacy and security requirements.

If you answer Yes to all ten questions, you are in an excellent position to be HIPAA compliant. However, if you answer No to any of the questions you are probably not in a position to achieve compliance. And, the more often you answer No, the more likely it is that you will have to allocate considerable time and other resources to meet HIPAA requirements.

Question #1: Do you have a thorough understanding of your responsibilities for compliance with HIPAA privacy and security regulations?
Yes___ No___

Question #2: Have you made a comparative analysis of HIPAA's privacy, consent and authorization regulations versus those contained in your state laws?
Yes___ No___

Question #3: Have you made a commitment to take the measures necessary to protect the confidentiality, integrity and security of your patients' personal health information?
Yes___ No___

Question #4: Have you prepared written policy detailing the standard practices and procedures that are necessary to conform to HIPAA requirements in your practice or organization?
Yes___ No___

Question #5: Have you trained your workforce as to the policies and procedures necessary to meet HIPAA privacy and security regulations?
Yes___ No___

Question #6: Are you fully aware of your obligations to the patient if he/she asks how their personal health information has been used or disclosed?
Yes___ No___

Question #7: Do you have a continuity plan for resuming normal operations in the event of an occurrence (fire, flood, etc.) that results in the loss of patient health information?
Yes___ No___

Question #8: Have you obtained business associate contracts from all entities that may have access to some or all of your patients' personal health information?
Yes___ No___

Question #9: Have you implemented reasonable physical safeguards to limit incidental disclosure of protected health information?
Yes___ No___

Question #10: If your own personal health information were being protected in the same manner as you are currently protecting the health information of your patients, would you feel confident that it was completely safe from accidental disclosure or disclosure to unauthorized personnel?
Yes___ No___

What do I do if I am not ready for compliance?

The deadline for HIPAA compliance - April 14, 2003 - is fast approaching. Suffice it to say, there will be a considerable number of health care providers and health care entities that will not be able to meet the deadline. Although there is little likelihood that the Department of Health and Human Services (HHS) will issue an extension for the compliance date, you must nonetheless implement the measures that are necessary for compliance.

This leaves two options available to hearing healthcare practitioners who did not answer yes to all of the above questions. First, thoroughly research HIPAA, develop policy and procedures, train staff, and put into action the steps necessary to become fully compliant. This option, although time consuming, may permit you to minimize your out-of-pocket compliance expenses.

The second option is to retain a HIPAA consultant to guide you to compliance. If this is a viable option for your practice, consider the following:

  • Does the consultant understand the practice of hearing health care? It is important that your consultant has an understanding of the professional practice of providing treatment for hearing loss and associated disorders.

  • Is the consultant capable of "being on the job?" Who will actually be doing the work? Is there back-up staff available? What are their qualifications? Is the consultant full service or an "area specialist?"

  • What is the total cost for the consultant's services? The hearing healthcare practitioner should try to determine what the "average" cost for a HIPAA consultant can be. You do not want to pay more than you have to, but you want to be circumspect when offered a bid that seems "too good to be true."


There is no doubt that HIPAA will appear to some - especially those who aren't ready for it - to be just another government "make work" project. Nonetheless, many believe that definite benefits will be realized when all health care providers and health care entities are in compliance. Patients will have greater assurance that their personal health information is secure from accidental disclosure and misuse. Providers will benefit from the lowered cost of doing business that results from standardizing the forms and format for the electronic exchange of health-related data. Finally, the public at large will benefit as computerization of personal health information allows de-identified data to be more readily available for use in the development of national health policy.

Readings and references:

The following information will provide a more in-depth understanding of HIPAA's rules and regulations and the potential impact it may have on your practice.
Beth Lane ACA, CHP is executive director of the Hearing Healthcare Providers/CA and Hearing Healthcare Providers/AZ professional associations. She is also president of Beth Lane & Associates, a health care consulting practice specializing in HIPAA compliance [12722 Charloma Drive, Tustin, California 92780 - phone: 714.357.7500 or email:].

Paul Popp, PhD, BC-HIS, MCAP

Author and Hearing Healthcare Practitioner

Beth Lane
