Are DPMs Sleeping On HIPAA?

By Jeff Hall, Editor-in Chief

Procrastination is one thing, but the numbers of physicians who have applied for the one-year extension on complying with the Health Insurance Portability and Accountability Act (HIPAA) is extremely low. One consultant notes (as this issue went to press) that less than 4 percent of members of the American Medical Association (AMA) have filed for the extension. Those who don’t file for the one-year extension on October 15 will be expected to be HIPAA compliant on October 16, according to the Centers for Medicare and Medicaid Services (CMS).
While there are no specific numbers on how many DPMs have applied, Lloyd Smith, DPM, has heard that less than 10 percent of all medical providers have taken advantage of the extension. Dr. Smith, the Vice President of the APMA and Chair of its Health Policy Committee, is surprised by the low numbers because after all, providers who aren’t HIPAA-compliant and don’t apply for the extension will be violating the law on October 16. He says applying for the extension online is easy and only takes 10 minutes.
To apply for the extension, simply go to and fill out the form. If you would prefer to submit a compliance plan (and get the one-year extension) via snail mail, the CMS site says you can do this as long as your mail is postmarked no later than October 15.
Perhaps some of the delays in filing for the extension stem from the belief that HIPAA doesn’t apply to you. According to the fine print of the Administrative Simplification Compliance Act that President Bush signed into law late last year, practitioners or facilities with less than 10 full-time employees are exempt from HIPAA compliance.
While this exemption may be an initial cause for relief for many practitioners, there are some important caveats to keep in mind. As Dr. Smith points out, “many states are enacting tougher standards than the (federal regulations),” so it’s essential to be up to speed on what the requirements are in your own neck of the woods.
Also be aware that interacting with other health care vendors and facilities that are HIPAA-compliant may be problematic if you and/or your facility is not compliant. Indeed, clinging to the 10-employee exemption may actually lead to a precipitous decline in referrals.
There is some good news on the referral front when it comes to the final revisions of the HIPAA rule that came out in August. According to a Washington Post article, the final regulations removed the requirement that patients had to give written permission whenever their personal health information was handled by doctors, hospitals, pharmacies and insurance plans. This is a rare example of common sense triumphing over bureaucracy. One can only imagine the paperwork morass if you had to obtain patient permission every time you referred a patient to a vascular surgeon or other specialists or when they referred patients to you. While privacy advocates may moan and groan, this significant change facilitates better care.
To get on the road to HIPAA compliance, apply for the one-year extension before October 16. Check out consultants and read as much as you can get your hands on. While the ACFAS HIPAA Privacy Manual came out before the final revised rule, it still provides a good primer on HIPAA compliance. The APMA will have a HIPAA manual available on its site ( by January 1, if not sooner. Clearly, the more you know about HIPAA, the better off you and your practice will be.

Add new comment