Reviewing HIPAA's trail markers

Sunday, June 30, 2002

The past couple of months I have been rambling along about the Health Insurance Portability and Accountability Act (HIPAA) trail.

So far we have crossed two trail markers on the HIPAA trail and have now reached a checkpoint. Trail checkpoints give us a chance to see how far along the trail we have progressed and what steps, we need to take to continue our forced stroll through the land of bureaucracy. This first checkpoint indicates that in order to continue on to the destination of becoming HIPAA compliant, healthcare providers should know that:

HIPAA is the result of an act of Congress. Neither CMS nor the DMERCs will be providing direct communications concerning HIPAA. Home care providers must educate themselves about HIPAA.

All homecare providers must be compliant with the HIPAA Privacy Rule by April 14, 2003. The security and transaction code regulations being addressed by HIPAA have yet to be finalized.

As required by HIPAA, the Privacy Rule covers health plans, health care clearinghouses, and health care providers who conduct financial and administrative transactions electronically. The rule calls these businesses covered entities.

The Privacy Rule sets boundaries on the use and release of patients'medical records by covered entities; it also states that patients have the right to find out how their medical information is being used and what disclosures of that information have been made.

If you do not have a working knowledge of these statements, you need to go back to the beginning of the trail and start over. I know it doesn't seem fair to begin again, but since when is dealing with Congress ever fair (see: Competitive Bidding) or easy.

You need to know the HIPAA trail so you can become HIPAA compliant as well as avoid those bothersome bumps and pitfalls - called criminal and civil penalties by Uncle Sam - seemingly present on any bureaucratic pathway. Also, you need to understand the trail so you don't get lost before you reach its end. For example, many providers have already wandered off the trail by assuming the extension request for transaction code compliance due by October, 2002, is an extension for being compliant with the privacy regulations. These individuals will be exposing themselves to the government's bumps and pitfalls if they make that false assumption.

Fortunately, the HIPAA trail is abundantly marked. I will continue to point out all the markers, and what you should do with the information they provide, as we go along. You can always find out more about HIPAA from websites such as and

So let's continue on the HIPAA trail. A trail where we are sure to find all kinds of new and challenging experiences, and, where I am sure to hear from you regarding where I should put those experiences. Join me, won't you?

- Randy Schluter is President and COO of Dragonfly Technologies, L.L.C. and also serves as a business consultant to Arrow Professional Enterprises in matters pertaining to HIPAA. Randy can be reached at Dragonfly at 1-888-430-6919 or via e-mail at Also, a schedule of Arrows'HIPAA: Homecare Action Items Programs may be obtained via