Updating hipaa policies and procedures
Yet most organization struggle to find the time or resources to get them completed, and completed well!With Clearwater HIPAA Privacy Policies & Procedures™ Tool Kit you can create your organization’s HIPAA Privacy policies and procedures in a fraction of the time.
Resources include a Table of Contents listing the essential documentation your organization should have; a standardized format to ensure all appropriate elements of sound documentation; and a template for each applicable policy/procedure needed so you can customize to match your situation and business processes.CEs simply enter their information into the models and print or electronically post them.The complimentary model NPPs are available to plans and providers in the following formats: CMS’ Office of E-Health Standards and Services has posted what serves as an audit checklist on the CMS website.Detailed descriptions outline the job’s responsibilities, duties and requirements for skills, education and experience.Charters and resolution documents help the organization’s Board and its committees establish guiding principles, responsibilities and roles.You should call this a notice of privacy practices (NPP) rather than a patient’s rights brochure because the latter includes rights unrelated to PHI, and there are specific things that must be included in each. Note that the HIPAA Omnibus Rule requires changes beyond the right to receive an electronic copy.
Remember that the intent of the NPP is to explain to your patients what you are doing with their information and their rights pertaining to their PHI.
OCR initially received a complaint in November 2012 that hospital employees were allegedly storing patient records containing PHI in an unsecure online document sharing application without analyzing the risks of doing so, according to a July 8 resolution agreement between OCR and St. Those documents contained the e PHI of at least 498 patients. May organizations include inserts in their current patients’ rights brochures with updated information about their right to receive their medical files electronically, or must they reprint their entire brochures?
We have a backstock of brochures and prefer to use them before we reprint them. Reprinting the entire brochure is not required; an insert is permissible as long as it doesn’t contradict information in the actual notice.
View our sample policy, customer referrals and coupon offer.
Elizabeth’s Medical Center in Boston has agreed to a corrective action plan and civil fine of $218,400 with OCR to address deficiencies in its HIPAA compliance program following employee practices at the hospital that exposed e PHI on more than 1,000 patients.
Policies and procedures required by the Security Rule may be modified as necessary to meet the changing needs of the organization, as long as the changes are documented and implemented in accordance with the Security Rule." Satisfy your HIPAA Security 800-53R4 "Policy & Procedures Documentation" requirement.