The Health Insurance Portability and Accountability Act (HIPAA), along with state law rules that mirror HIPAA, requires physicians, chiropractors, acupuncturists, and other healthcare providers, as well as the “business associates” who serve them, to comply with extensive legal rules designed to protect the privacy and security of protected healthcare information (“PHI”).
We know that HIPAA compliance can be both complex and time consuming. The rules are dense and arcane, elaborate and demanding.
This is why we have created an in-depth HIPAA Manual. Our HIPAA Manual contains essential Privacy and Security policies, procedures and forms, including:
- 11 Privacy Rule Policies
- 17 Privacy Rule Forms
- 21 Security Rule Policies
- 6 Security Rule Forms
Or 55 documents in all.
A total of over 120 pages of manual!
And these draw on the HIPAA Privacy Rule and HIPAA Security Rule.
A strong HIPAA Manual containing policies, procedures, and forms is critical for HIPAA compliance. So are the HIPAA forms. Having these in place, together with other measures (such as HIPAA training), can potentially help document good faith efforts to comply with the onerous requirements of HIPAA.
HIPAA compliance is not guaranteed merely because the healthcare venture uses an EMR (electronic medical record) where the vendor claims to be “HIPAA compliant.” HIPAA compliance requires a number of steps—which include having a secure EMR—but the requirements are extensive, and much is required by way of implementation. Among other things, all members of the workforce require HIPAA training.
A Privacy and Security Manual is recommended, even if HIPAA does not technically apply because the medical practice or platform does not bill insurance electronically. The reason is that state law often has the same requirement as HIPAA that healthcare providers and entities maintain the privacy of medical records and implement reasonable (or adequate) security measures with respect to PHI (protected health information).
What if your employee had no knowledge of the rules for accessing and storing sensitive healthcare data? How do you properly destroy PHI data? What if there is a breach?
Our HIPAA Manual will help you address these critical infrastructure issues, among many others.
So why wait? Get your HIPAA Manual now!
Table of Contents
| Security Manual | Policies & Procedures |
|---|---|
| SPP1 | Security Management Process |
| SPP4 | Information Access Management |
| SPP5 | Security Awareness & Training |
| SPP5A | Faxing & Emailing PHI |
| SPP6 | Security Incident Procedures |
| SPP10 | Facility Access Controls |
| SPP13 | Device & Media Controls |
| SPP17 | Person or Entity Authentication |
| SPP19 | Overview of Policies & Procedures |
| SF1 | Employee Breach & Reprimand Notice |
| SF3 | Master Access Record |
| SF4 | Security & Confidentiality Agreement |
| SF5 | Acknowledgment of HIPAA Training |
| SF6 | Security Incident Reporting |

| Privacy Manual | Policies & Procedures |
|---|---|
| PPP1 | Privacy of PHI |
| PPP2 | Access to PHI |
| PPP4 | Notice of Privacy Practices |
| PPP5 | Use of PHI for Treatment, Payment & Operations |
| PPP6 | Authorization for Release of PHI |
| PPP7 | Restrictions to Disclosures and Uses of PHI |
| PPP8 | Method of Communication |
| PPP9 | Amendment of PHI |
| PPP10 | Accounting of Disclosures of PHI |
| PF1A | Cover Letter to Patient |
| PF1B | Privacy Complaint Form |
| PF2A | Patient Request for Access to PHI |
| PF2B | Response to Patient Request for Access to PHI |
| PF4A | Notice of Privacy Practices & Acknowledgment of Receipt |
| PF4B | Employee Confidentiality Acknowledgment |
| PF6 | Authorization for Use or Exchange of PHI |
| PF7A | Request to Restrict Use & Disclosure of PHI |
| PF7B | Response to Request to Restrict Use & Disclosure of PHI |
| PF8 | Request re Method of Communication |
| PF9A | Amendment of PHI |
| PF9B | Amendment Acceptance Letter |
| PF9C | Notification of Amendment Letter |
| PF9D | Amendment Denial Letter |
| PF10A | Request for Accounting of Disclosures of PHI |
| PF10B | Response to Request for Accounting |
| PF10C | Log of Accounting of Disclosures |

Here are some additional resources on HIPAA that you can read:
Common HIPAA violations are flagged by HIPAA Helper, a publication of ProPublica, an “independent, non-profit newsroom that produces investigative journalism in the public interest.”
HIPAA sounds like “hippo” for a reason: it’s big, clunky, noisy, and unwieldy. Can, and should, a small physician practice implement HIPAA practices?
Making HIPAA compliance easy is like trying to catch a firefly in your hand.
The Department of Health and Human Services Office for Civil Rights (OCR) released its final rule, Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under […]