[ Friday, January 02, 2004 ]
What's going on with your privacy program now?
Medical Newswire recently published some helpful hints on what you should be doing with your privacy program. Even though you got everything in place back in April, things change, you encounter new challenges, and you should adjust, adapt, and fine tune your privacy program to account for it. Five strategies outlined by Medical Newswire that make a lot of sense:
Review your forms. Make sure your NoPP and BAA say what they should. If you didn't develop authorizations or other forms, you might want to do that now. Do you have any new business associates? Perhaps your staff or patients have asked questions about your NoPP that would lead you to think some area or another is unclear and could use better wording. Perhaps they've been filling in the forms incorrectly; if so, see if you can determine why they're making mistakes, and fix the problem.
Keep in mind, however, that if you materially change your NoPP, you can't use PHI from prior patients until they've signed the new NoPP.
Update your policies and procedures. This is something you should always be working on, but it is especially important with your privacy plan. Make sure your policies and procedures really reflect the way you run your office (or change the way you run your office). Incorporate changes that your staff recommends, based on issues they've encountered that result in conflicts.
Keep up with state and federal law changes. Make sure you have changed anything you need to change based on the Security Rule. What is your local bar association doing to coordinate subpoenas for medical records? If you get lots of incorrect subpoenas, see if you can coordinate with the requesting attorneys to make sure they know to use the right forms.
Requet feedback. From your staff, your patients, your vendors, your business associates, your referring/referrant physicians, and hospitals and other providers that you deal with. This will help you fine tune where you need it, and will also let you know if your practice is "culturally attuned" to HIPAA (if you needed a big change in corporate culture to implement HIPAA, seek out feedback that will let you know if those changes have been made and are adopted by your workforce.
Training never ends. Don't let HIPAA awareness fade, especially if it was hard to establish in the first place.
Jeff [5:26 PM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template
