• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

A policies and procedures manual

Article

Am I required to put HIPAA privacy policies in writing for my staff?

Q: Am I required to put HIPAA privacy policies in writing for my staff?

A: Yes. Among the areas you need to address in your policies and procedures manual are: release of medical records, patient access to records, patients' right to amend their records, faxing medical information, permitted uses and disclosures of protected information, and complying with the "minimum necessary" standard—which generally limits the information doctors may disclose to the minimum necessary to accomplish a specific purpose.

Employees aren't the only ones who need to see your HIPAA policies in writing. Your policies also should be outlined in a Notice of Privacy Practices, which you probably distributed to all patients last April, and which you should give to all new patients. You should also make a good faith effort to have established patients sign an acknowledgment form, indicating that they've seen the notice. If there's a complaint, be prepared to share your policies with the Office for Civil Rights, US Department of Health and Human Services.

Q:Where can I find out more about how to prepare a HIPAA policy manual and a Notice of Privacy Practices?

A: Besides the federal government itself ( www.hhs.gov/ocr/hipaa), many state medical societies make this material available on their Web sites or in hard-copy form. In many cases, you can customize these sample manuals and notices to suit your practice. Also consult your hospital (you can adapt its policies to your own practice) and an attorney familiar with HIPAA

Related Videos
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health