Hot off the presses, the U.S. Department of Health & Human Services (HHS) has released downloadable model Notice of Privacy Practices forms on its website at: http://www.hhs.gov/ocr/privacy/hipaa/modelnotices.html. To use the form, you will need to identify your office’s privacy officer and input the privacy rules specific to your state. Once you enter your practice-specific information, the model Notices are designed to be an easy way for healthcare providers and other covered entities to provide a uniform Notice of Privacy Practices to their patients.
Wait, there is more. There are also sample business associate provisions available. You can get a copy of the sample business associate provisions from the HHS website at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html. The sample business associate provisions were published some time ago. They are a good starting point for drafting an updated business associate agreement. Using the sample business associate provisions is not as simple as using the downloadable Notice of Privacy Practices. You have to make some choices, and you have to plug the provisions into your own document. It is not a document where you enter your name and hit the print button. Before building the agreement, you will need to know some things. For example, you need to know who is going to be responsible for reporting potential breaches to the HHS Office of Civil Rights and how you want business associates to respond to a patient’s request for amendment of their protected health information. The sample business associate provisions are a great resource, but you will need to do some work on the front end.
Job done? Not exactly. HIPAA compliance is more than just posting a privacy notice and signing a business associate agreement. The HIPAA Security Rule includes more than 40 required and advisable Implementation Specifications and 20 HIPAA Security Rule Standards that covered entities must follow. The Rule encompasses administrative, physical, technical, and organizational safeguard requirements.
To learn more visit: http://gettinslaw.com/hipaa-compliance-program/