HIPAA (Health Information Portability and Acountability Act) is the law. It seems that the only way to avoid it is to be a health care provider with less than 50 employees and to not submit claims electronically. That’s OK except that Medicare is soon to require electronic claim submission. There’s supposed to be some sort of exemption to that last Medicare requirement, but I don’t as yet know precisely what it is.
Many of the more onerous parts of HIPAA as originally conceived were removed by Pres. Bush. Consent is not required for anything relating to Treatment, Payment or Healthcare operations. It is optional. The catch is you have to be consistent. If you obtain a consent for these things with some patients then you have to get them for all patients. My recommendation: DON’T DO THIS!
You will need patient authorization for marketing purposes, etc. You will probably need to obtain consent for photographs, especially if they are used to demonstrate before and after results to prospective patients.
You will also need written authorization for copying the patients complete medical record. No big deal there.
You can obtain an automatic extension online by filling out this simple form. You need to click on the “Standard Model Compliance Form” and follow the directions. The deadline is October 15, 2002 so do this soon. You will get a number that serves as your one year extension.
Useful info at http://www.healthprivacy.org/ and http://ama-assn.org/go/hipaa/
My feeling is that after the one year extension runs out there will be many physicians that may no longer participate in Medicare but they will still attempt to become compliant with the law.