Because optometrists tend to communicate with other health care providers, such as primary care physicians and ophthalmologists, about their patients’ sight and ocular health, it makes sense that they actively practice HIPAA-compliant doctor-to-doctor communication. HIPAA compliance is critical to the privacy of patient information, and non-compliant behavior can result in exorbitant fines, civil action lawsuits and jail time.
With this in mind, two knowledgeable O.D.s provide tips on how to achieve HIPAA-compliant doctor-to-doctor communication.
- Know the rules. Karen Perry, O.D., F.A.A.O., co-owner of Vision Health Institute and director of professional relations and government programs at Compulink, breaks these rules down into three simple areas: privacy, security and omnibus. “To comply with the privacy rule, providers and staff should be educated annually on the patients’ rights to access PHI [protected health information], health care providers’ rights to deny access to PHI, the contents of use and disclosure forms and notices of privacy practices, and more. The security rule requires an extensive implementation of appropriate safeguards to ensure only those intended to have access to electronic health information are granted access; and those who are unauthorized are barred from disclosure of this data,” she explains. “The third part is the omnibus rule, which strengthens privacy and security protections by requiring breach notification and reporting security incidents.”
- Review HIPAA resources/tools. Dr. Perry adds that, upon learning the rules, optometrists and their staffs should “review the HIPAA resources and tools available on the HealthIT.gov website,” which provides extensive training modules and templates to maintain best practices when implementing privacy and security rules.
From such resources, O.D.s can create office policies regarding the use of mobile technology and access to PHI outside the office; issue Business Associate Agreements to be signed by all entities with potential access to PHI before services are provided; and more, Dr. Perry explains.
- Make training ongoing. Valerie Sheety-Pilon, O.D., vice president of Professional Relations at Eyefinity, says ongoing doctor and staff training is the key to HIPAA compliance. “You should utilize your office team meetings to discuss and remind the staff about these regulations,” she says.
- Don’t be an island. For new O.D.s, in particular, Dr. Sheety-Pilon recommends building a network of HIPAA-compliant consultants and others in optometry who are knowledgeable.