HIPAA:
ISSUE PRIVACY NOTICES NEXT MONTH OR INVITE PENALTIES
Published on Thu Mar 06, 2003
The Health Insurance Portability and Accountability Act privacy regulation deadline will be here before you know it, and if you don't have some basics down you could be very sorry. By April 14 - about a month from now - health care providers must comply with a variety of requirements on safeguarding patients' protected health information (PHI). Many home care providers are woefully behind the curve on these mandates, warns Abilene, TX-based consultant Bobby Dusek. Many more providers are unprepared for meeting the deadline than are prepared, estimates attorney Robert Markette with Indianapolis-based Gilliland & Caudill. While home care providers should strive for complete compliance with HIPAA, in reality many don't have enough time left to square up every detail, Markette says. Experts suggest providers focus on these basics to minimize exposure to HIPAA compliance risks by the April 14 deadline: 1. Generate, distribute and post your HIPAA privacy notice on time. Regulators say the HIPAA enforcement effort will be mainly complaint-driven. One sure way to get quick complaints is by failing to furnish your patients with a notice describing your privacy policies and procedures regarding their health information. Failure to issue a notice "is a very clear signal you're not in compliance" with even the most rudimentary HIPAA privacy requirements, Markette warns. Come April 14, every patient should receive the notice. Dusek expects home care providers' privacy notices to be six to eight pages. Every staff member should know where to locate or obtain a copy of the notice of privacy practices, stresses Sandra Nutten, a senior management consultant at The Chi Group of Superior Consultant Company in Ann Arbor, MI. 2. Designate your privacy officers. Even if all the policies and procedures they're in charge of aren't in place yet, setting up the structure is important. It'll be a huge red flag that you're out of compliance with HIPAA if you haven't taken even this basic step. It's vital for workforce members to know who their entity's privacy officer is, directs Nutten. Knowing this information will help employees deal with potential privacy breaches they may encounter during their day, she states. 3. Set PHI Limits. Determine each employee's level of PHI access and make sure employees know it. 4. Set up a complaint procedure for patients who feel their privacy rights have been violated or employees who spot transgressions. Again, patient complaints will drive HIPAA enforcement, so making sure the processes most closely associated with patients are up and running by the deadline will minimize HIPAA liability, Markette notes. 5. Set out consequences/sanctions for privacy violations. 6. Train employees. Every employee should be able to articulate in simple terms what HIPAA is and what it aims to protect, [...]