[ Wednesday, March 12, 2003 ]
Here's some good advice from the HIPAAWire (ELI's newsletter):
(HIPAA Wire) By April 14 - fewer than five weeks from now - health care providers must train every current workforce member on their Health Insurance Portability and Accountability Act privacy policies and procedures.
While training methods and materials will vary from one organization to another, there are at least six vital pieces of information which every workforce member must know once their training is completed, advises Sandra Nutten, a senior management consultant at The Chi Group of Superior Consultant Company in Ann Arbor, MI.
1. Know What HIPAA Is. Everyone who's undergone training should be able to articulate in simple terms what HIPAA is and what it aims to protect, contends Nutten. "The bottom line is that we have civil rights to protect our health information, and they need to walk away from training understanding that everyone has the right to" have their personal health information (PHI) kept secure, she says.
2. Know Who Your Privacy Official Is. It's vital for workforce members to know who their entity's privacy officer is, directs Nutten. Knowing this information will help employees deal with potential privacy breaches they may encounter during their day, she states.
3. Know Your PHI Limits. At the end of training, each employee should know his or her level of PHI access, explains Nutten. This knowledge will enable staffers to conduct "self-audits" regarding their use of - or exposure to - PHI, she maintains.
4. Know Where to Get a Copy of Your Privacy Notice. Everyone should know where to locate or obtain a copy of your notice of privacy practices, stresses Nutten. "I'd like to know that anyone in our workforce would be able to point to a placard or the Web page or the handout," she notes.
5. Know What to Do When You See a Privacy Violation. Complacency is a threat to any HIPAA-compliant entity, warns Nutten. Therefore, all employees must know their organization's protocol for reporting a potential privacy violation or inappropriate PHI disclosure, she says. "It'll be a challenge for the leadership of an entity if its workforce doesn't understand how a patient could make a complaint or what the complaint could be about."
6. Know That the Care of the Patient Always Comes First "HIPAA wasn't ever meant to direct us on how to care for our patients. It was meant to direct us on how to care for the information about our patients. And there's a difference," opines Nutten. Protect patient information when you can, but remember that these rules are never intended to get in the way of patient treatment, she insists.
Jeff [2:46 PM]
Blogger: HIPAA Blog - Edit your Template