[ Monday, January 21, 2013 ]
Nugget 8: Notice of Privacy Practices: Basically, if you changed your NoPP in response to the HITECH Act (either before or after the proposed regs came out), then you're probably OK. Your NoPP must contain a statement that an authorization is required before releases of psychotherapy notes (if you might have them), marketing activities, or sales of PHI, as well as a general statement that uses/disclosures not noted in the NoPP require an authorization. If your NoPP talks about the possibility of fundraising, you've got to say that the individual will have the ability to opt out. You've also got to include in your NoPP (if your are a provider) an explanation of the "Hide" rule (i.e., if the patient pays in full out of pocket and requests you not notify their insurer, you have to respect that wish). Your NoPP must also say that the patient has the right to be notified in case of a HIPAA breach.
Jeff [12:22 AM]
These are "material changes" to the NoPP, which means you must give new copies to patients (if you're a provider) and mail them out to beneficiaries (if you're a health plan), although you can do so at your next annual mailing. The Omnibus Rule states that providers can post the new NoPP and give a hard copy to old patients only if they ask for it, but must give new patients a hard copy and ask them to sign an acknowledgement.
Blogger: HIPAA Blog - Edit your Template