For nearly six years providers have been notifying patients of their HIPAA Privacy Practices and Polices. In the course of compliance consulting with several clients I was asked to review their HIPAA policies. Most smaller provider took the path of least resistance when implementing their Privacy policies and used standard “template” policies and forms, as well as a standard type notice to their patients. Nothing wrong with that, many providers adopted polices provided by professional trade associations, as well as through the Office of Civil Rights (the HIPAA enforcer). Patients and staff alike got up to speed with “HIPAA” over the next few years.
Returning patients that have previously acknowledged receipt of privacy policies, are generally not offered a refresher. Patients offered a courtesy refresher, often seem to decline. It seems that everyone knows HIPAA, or do they?
Let me pose this to you…sit at the registration desk at your office/clinic and ask the staff member doing the intake, to explain in more detail what “HIPAA” means, or better yet, tell them you want to amend records, or even better, to restrict access. Pay attention to the reaction..do they look like they know what you are asking, or to they look puzzled, and go ask somewhat else what to do? Do they grab a HIPAA manual or ring binder and reference the policy and the form(s) that you will need to sign? Look around your waiting room. Is your notice of Privacy Practices posted? Is the name of the Privacy Officer anywhere to be found? If they are thinking of having a complaint, better they find your privacy officer first than ‘Big Brother” at the Office of Civil Rights!
Are the staff a little baffled by your HIPAA questions? Can’t find notice of privacy practice posted? Don’t feel alone, many providers have their program on auto-pilot. But even with a program on auto-pilot it is essential to monitor and audit compliance with privacy policies not only with respect to patients, but also with respect to staff knoweldge, training, and implemention. It is also a good time to check the latest updates and enforcement decisions at the Office of Civil Rights (OCR) HIPAA website.
Amy Fenn, healthcare lawyer (former nurse) and HIPAA expert, offers her insight into some popular marketing misconceptions about HIPAA on The Pulse, a healthcare marketing blog. Amy has also blogged about HIPAA changes in the Stimulus Bill. Both good reads, and will give you some insight on why HIPAA is not so “Ho-Hum”.