HIPAA OFFICE
PRIVACY PROCEDURES
PRIVACY OFFICER:
DIANA LETUS, PRACTICE MANAGER
OUR OFFICE IS COMMITTED TO COMPLYING WITH THE HIPAA PATIENT
PRIVACY REGULATIONS TO PROTECT OUR PATIENTS (APRIL 4, 2003). A COPY IS POSTED
IN OUR OFFICE FOR YOU TO READ. A COPY IS AVAILABLE UPON REQUEST.
THE FOLLOWING ARE SPECIFIC WAYS
OUR OFFICE IS COMPLYING:
PATIENT HEALTH
INFORMATION IS NOW REFERRED TO AS ‘PHI’
1
All our employees are required to read, discuss
and sign a confidentiality statement when they are employed. Any breach of this
is grounds for immediate dismissal.
2
They will all be HIPAA trained. Disciplinary
action will be taken if the rules are not followed. First will be a verbal
discussion and clarification of the rules again. Second will be a probation
period to improve their skills. Termination will be next. This does not include
breach of patient confidentiality as stated above.
3
All patient charts are kept in a secure area in
the office.
4
Only employees and health providers have access
to the charts. They are seen on a need-to-know basis.
5
Patients must request an appointment to review
their chart in the presence of an employee. A reasonable time period will be
allowed and the office CAN CHARGE FOR THIS SERVICE.
6
No changes can be made in the chart by the
patient. Changes must be written and read and approved and signed by the
provider and then placed in the chart as an amendment.
7
No white-out is to be used in any patient chart.
If a mistake is made, put one line through it, write "error" and initial it.
8
Only the
patient's name and provider are listed on the outside of the chart along with any
known allergies.
9
Charts should be face down when they are on a
desk, door holder or in any other place where they are in plain view.
10
Charts are stacked in the medical records department,
out of view, until they are filed away. Every attempt is made to file them at
the end of each day and keep a clean desk, free of charts or patient messages.
11
We maintain every reasonable safeguard with oral
communication within the office.
12
The receptionist windows will be kept closed
when not in use to help block verbal communication about patients.
13
The office staff will not discuss any other
patient information or names when there are patients in the area.
14
Telephone calls regarding patients are to be
kept quiet and confidential.
15
Patient messages are placed in designated areas
for the providers' use.
16
Providers make patient callback phone calls
from their office in a quiet and isolated area.
17
No speakerphone is to be used in any patient
area.
18
No calling of patients' names around the office
to see if someone spoke to them, etc.
19
To confirm patient appointments, just leave the
office name and the appointment time.
20
Daily patient schedules are kept in secure
areas: the doctor's office and nurses' station.
21
When calling patients to give them any test results,
do not leave results on a machine or with another person. Just ask that the
patient return the call to the office.
22
Any patient lab log is kept in the nurse's area
in a secure place, out of patient sight.
23
Exam room doors are kept closed while the
patient is in the room, even if they are waiting for the provider to come in.
24
Faxes are sent with a secure and confidential
message and are for patient use only by other covered entities, business associates
or trading partners.
25
Incoming faxes are not to be lying around the
office for others to see. Faxes come in face down and should remain on the machine
until removed. This is done frequently during the day.
26
All non-patients such as drug reps, family
members, vendors and delivery people are not allowed in patient areas. They
must check in at the front and will be directed from there. They will wait in
the waiting room until called. Family members are not allowed in the business
or nursing areas of the office unless they are there to be seen by a doctor.
They too will have to go to the waiting room.
27
Our outside services such as our cleaning
service have signed a patient privacy notice.
28
Each employee has his or her own user ID and
password for access to the computer.
29
Computer screens should not be visible to
patients.
30
Each employee is given an office door key and
security alarm code when they are hired. They are taught to lock up the
building if they are the last to leave the premises. These are returned to the
practice manager if they leave and their security and computer codes are
cancelled.
31
There are shredders at each desk area and all
papers, which contain any patient information, are shredded.
32
When charts need to be destroyed we use a
professional vendor and we receive a certificate of destruction. They are NEVER
put in the regular trash.
33
We will always send the Minimum Necessary when
information is requested of a patient.
34
If release requests come from outside services such as
lawyers or insurance companies, we must receive the patient's signed and DATED
release. We will try to send records
within 10 days. There is a charge of $0.75 a page to whoever is requesting the
copies (as allowed by law).
35
If a patient transfers out of our office to
another provider, we will send the records to the new provider within 10-14 days.
We prefer to send to the provider and not give them to the patient.
36
This prevents them getting lost. We will not
charge for the first copies sent but additional copies will be charged to the
patient at the cost of $0.75 a page (as allowed by law).
37
Parents and Minors: the state laws in NY
override HIPAA. Usually parents have the authority to make health care
decisions about their minor children.
38
We will use all forms required by HIPAA for
patient consent, authorization etc.
39
Our office will have a named privacy officer.
40
Our office will post the NOTICE OF PRIVACY in a
visible place for all to read. A copy will be available to any patient upon
request. Every patient will be asked to sign a form that they received this
information. Refusal to sign will also be documented.
41
We have business associate and trading partner
agreements signed and on file, which ensure the patient's privacy from these
companies. Copies will be kept at the main office site.
42
Training sessions are given to the staff to
explain all the office’s activities and policies for maintaining patient
privacy. A copy of the office privacy policies will be mandatory for all to
read and sign. Updates will be held as needed. Copies of attendance records are
maintained.
43
Psychotherapy notes require a specific
authorization for all uses or disclosures of these notes. So do HIV/AIDS
information and alcohol/drug abuse.
44
Workers Comp. is not covered under HIPAA
regulations.
45
Subpoena: the lawyer must notify the patient. We
only accept subpoenas by personal delivery, never by mail or fax. The subpoena
is valid only if it comes from a state court where the office is located. A
subpoena from a federal court is always valid. Check to see if it has a release
date. The minimum necessary concept applies: only release what is requested, no
more, no less.
46
A court order is more powerful; however,
only release the minimum necessary.
47
If there is any question, call the lawyer to see
exactly what is being requested. Be sure the lawyer has the patient's release
and it is dated. If not, request it.
48
If the patient wishes a copy of part of his/her
chart for his/her own use, have them sign a release for that specific information
(i.e., copy of his/her last labs).
49
Our office uses a recall system on the computer
to track upcoming appointments. A postcard is sent to the patient which just
states: it is time for your appointment, please call the office. No
patient information is mentioned on the card.
50
The office can release PHI if it falls within
the HIPAA trio: treatment, payment, and healthcare operations.
51
If a provider wants to photograph you for
medical reasons to document your patient care, we will ask you to sign a consent
form. The photos will remain in your chart as part of your PHI.