Anesthesia Compliance Consultants

Providing compliance education and services
to anesthesia providers, hospitals and billing companies

Compliance and HIPAA Training

We specialize in providing Anesthesia Compliance and HIPAA training to anesthesia professionals using our web-based education platform. Choose from the courses listed below or allow us to create a program tailored specifically to your organization, type of practice or company.

We offer the following courses in an online setting:

  • Anesthesia Compliance
  • Anesthesia HIPAA Privacy
  • Anesthesia Compliance and Privacy
  • Anesthesia Evaluation and Management Coding
  • Fraud, Waste and Abuse Training

We provide online group training. We will educate your company on anesthesia compliance and HIPAA Privacy. Contact us for more information and group rates.

Compliance Plans

ACC will assist with the creation of a compliance plan for your organization. Our team of experienced professionals crafts compliance plans consistent with regulatory, medical, billing and coding standards.

“We understand anesthesia: we have stood in your shoes.”

Latest News

E is for Encryption

Posted on Feb 27, 2019 in Uncategorized

Mobile Texting

Encryption for ePHI

Security Rule

The HIPAA Security Rule allows the transmission of electronic PHI (ePHI) as long it is safeguarded. It is up to the healthcare provider to decide on the use of encryption based on the results of its risk assessment.

The encryption standard is confusing because it is defined as an addressable requirement which should be implemented if it is a reasonable and appropriate safeguard for the protection of ePHI.

No Specific Requirements

When the Security Rule was enacted, it was recognized that due to rapid advances in technology it would be very difficult to give guidelines that change regularly. For this reason, they chose not to require specific safeguards that could be soon outdated.

Alternative to Encryption

Based on its security risk assessment a health care provider may determine that encryption isn’t reasonable and appropriate and present their alternative to protect ePHI or it may decide to do neither and determine the standard may otherwise be met.  The provider should document its reasons for its decision.

Read More

D is for Disclosures

Posted on Jan 23, 2019 in Uncategorized


HIPAA ABCs helping you understand HIPAA

See our video

Disclosures to Law Enforcement

Sometimes it is hard to determine under what circumstances PHI disclosure to law enforcement is permissible.

HIPAA permits disclosures to law enforcement in certain situations. It is always okay when there is a signed authorization from the patient or their legal representative.

When to Respond

Disclosures are permitted when required by law, for example to respond to subpoena’s and court orders when specific requirements are met.  Also, for investigation of a crime, to locate a missing person and to prevent serious threats to public health and safety.  State law reporting may be required by law for reports of child and adult abuse and neglect, and for certain injury and disease reporting.

State Law

Besides considering the federal HIPAA law, review state law because it may be more protective than HIPAA and, in that case, state law is followed.

This is your HIPAA ABCs brought to you by HIPAA Associates.  Contact us for more information on this important topic and HIPAA training for you and your company.  Follow us on Facebook and Twitter.


Read More

C is for Complaints

Posted on Jan 2, 2019 in Uncategorized

Today’s letter is C, “C is for Complaints”


A covered entity must have a procedure for individuals to file a complaint regarding its privacy practices or for an alleged violation of the Privacy Rule.71 The Notice of Privacy Practices must contain contact information for the covered entity’s privacy officer and information on how to submit a complaint to the Office for Civil Rights.

Privacy Officer

The privacy officer or designee investigates all complaints involving privacy of protected health information and should maintain records on the complaints and their resolution. The Privacy Officer will determine whether or not there has been a violation or a breach of unsecured PHI.

On behalf of the covered entity the Privacy Officer responds to inquiries initiated by the Office for Civll Rights as it investigates complaints.

No Retaliation

Under the HIPAA Rules there is a no retaliation for making a privacy complaint.

This is your HIPAA ABCs brought to you by HIPAA Associates.  Contact us for more information on this important topic.  Follow us on Facebook and Twitter.

Read More

B is for Breaches

Posted on Dec 14, 2018 in Uncategorized

Today’s letter is B. B is for Breaches.  A breach is an impermissible use or disclosure of protected health information or PHI that compromises its privacy or security.  This is presumed to be a breach unless the covered entity or business associate can demonstrate there is a low probability that the phi has been compromised based on a risk assessment of the following:

  1. Nature and extent of the PHI involved, including the types of identifiers and the likelihood of identification
  2. The unauthorized person to whom the disclosure was made.
  3. Whether the PHI was acquired or viewed.
  4. The extent to which the risk to the patient was mitigated.

Breaches of Paper PHI

Examples of breaches of paper phi are loss of paper files, unsecure disposal, and paperwork given to the wrong person.

Breaches of Electronic PHI

Examples of electronic PHI breaches include loss of an unencrypted mobile device and sharing PHI on an unsecured document sharing internet site.

All of these have been the subject of Office for Civil Rights penalties.

Verbal Breaches of PHI

Verbal breaches of PHI occur if PHI is disclosed to the wrong individual or if its overheard when safeguards are not used.

For more information about breaches or about HIPAA please contact us.  Follow us on Facebook or Twitter.

Read More

HIPAA Permitted Uses and Disclosures for Anesthesia

Posted on Nov 5, 2018 in HIPAA

Disclosing PHI

A covered entity may use and disclose PHI for a number of different purposes and stay in compliance with HIPAA permitted uses and disclosures.  It is always permitted to use and disclose PHI for treatment, payment and health care operations.

Sharing for Treatment

Keep in mind that HIPAA was written to not only protect PHI but to assist treatment providers in caring for the patient without requiring patient authorization in order to share their PHI.  For example, it is permissible to share PHI with health care providers who will treat the patient in their office or after hospital discharge. The sharing may be electronically and must be in a manner that is compliant with the Security Rule.

Health Care Coordination

We now see the need to share data with health care providers for purposes of care coordination.  This activity didn’t exist when HIPAA was written and is now required by CMS and is part of a treatment plan.  A health care provider may disclose PHI to another for this treatment purposes without patient authorization.

Contact us for more information.

Read More