Posted July 6, 2001
Please contact Jerri Lynn Ward for more information.
- Determine if your organization is a covered entity.
Chances are, if you’re in the healthcare field, you’re covered directly or indirectly.
- Make a list of all persons or organizations that do business with you and have access to patient information.
These people will likely be “business associates” under the rule and will need to comply with its requirements as well!
- Determine what patient information is commonly disclosed by you in any form.
Can the patient be identified by the information?
Does the information disclose in any way the patient’s health status?
If so, chances are this information is protected.
- Review existing policies and procedures on patient privacy for compliance and modify those that do not meet HIPAA standards.
- Train staff to be more sensitive to confidentiality.
Remind them that they can be liable for penalties under some circumstances!
- Warn possible business associates that they have to comply with the rules, too!
Otherwise, you may have to end your business relationship.
- Begin drafting business associate contracts that contain the required confidentiality provisions.
- Appoint a Privacy Officer to spearhead privacy compliance.
You may also want to make this person the contact for any questions or complaints on privacy; a contact person is also required by the rules.
- Begin drafting patient notice, consent and authorization forms.
You’ll need all three!
- Identify types of information commonly accessed and who accesses each.
Different positions need different patient information and the rest should remain confidential.
Confused? Overwhelmed? Don’t worry. You have time to become compliant, but you need to start now! The time for compliance will be here before you know it.
All information in this article is informational only and is not legal advice. Should you have any questions or a situation requiring advice, please contact an attorney.
Copyright 2004 by Garlo Ward, P.C., all rights reserved
Austin, Texas 78752-3714 USA