Health Information Compliance Alert

HIPAA Tips:

3 STRATEGIES FOR HIPAA PREPARATION IN CLINICAL LABS

While clinical labs may occupy a unique position under the Health Insurance Portability and Accountability Act umbrella, their compliance efforts in certain ways mirror those of other covered entities. Our HIPAA experts offer the following strategies for labs ramping up compliance efforts with the HIPAA privacy rule:

  • Make an information flowchart for your organization. HIPAA privacy compliance requires more than a detailed, legal understanding of the regulation it requires an intimate understanding of how information functions in the lab.

    HIPAA is not an IT problem,insists Michael Geldart, an attorney in Holland & Knight's St. Petersburg, FL office. And, "it's not a policy problem it's an operational issue," he says. So, it's time to figure out how your organization currently operates when it comes to information, he suggests.

    Geldart advises labs to track how they currently use information. Track how it comes in and how it goes out of your organization, he adds. Only when you have a precise map of the way information circulates can you understand what parts of HIPAA apply to your laboratory, he concludes.

    Gwen Hughes, professional practice manager for the American Health Information Man-agement Association, agrees. An information flowchart is the first thing AHIMA recommends that covered entities do, she says. Without that information you can't analyze the minimum necessary requirements and you can't determine how to train your workforce, she warns. The privacy officer can spearhead efforts to chart the paths of information in the lab, but make sure many people get to check it over and add to it.

  • Use a checklist of major HIPAA requirements to ensure you've covered everything. That way laboratories can ensure that they've considered each item as it relates to their specific situation, advises Hughes. Include these items on your checklist: privacy notices, authorization forms, state law-HIPAA privacy requirement comparisons, minimum necessary requirements, HIPAA-forbidden disclosures and workforce training.

  • Act on the provisions that aren't going to change. Labs "should be preparing for HIPAA compliance as it relates to the other areas where [the Department of Health and Human Services] has not indicated any change of the rules," recommends Stephen Weiser with Michael Best & Friedrich in Chicago.

    The HHS will need to finalize the proposed privacy rule changes by mid-October, Hughes concludes, in order to give covered entities the necessary 120 days to prepare for compliance. So provisions that may change because of these revisions are compliance hurdles you can tackle in November, she suggests.

  • Other Articles in this issue of

    Health Information Compliance Alert

    View All