PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03)



Similar documents
HIPAA Privacy Policies & Procedures

ELKIN & ASSOCIATES, LLC. HIPAA Privacy Policy and Procedures INTRODUCTION

Gaston County HIPAA Manual

HIPAA Policies and Procedures

Guidelines Relating to Implementation of the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

DISCLAIMER HEALTH INFORMATION PRIVACY POLICIES & PROCEDURES

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

RUTGERS POLICY. Policy Name: Standards for Privacy of Individually Identifiable Health Information

SDC-League Health Fund

AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE

HIPAA PRIVACY POLICIES AND PROCEDURES

PLLC NOTICE OF PRIVACY PRACTICES

Connecticut Pipe Trades Health Fund Privacy Notice Restatement

Notice of Privacy Practices

KESWICK MULTI-CARE CENTER, INC. NOTICE OF PRIVACY PRACTICES

Connecticut Carpenters Health Fund Privacy Notice

We are required to provide this Notice to you by the Health Insurance Portability and Accountability Act ("HIPAA")

Dr. Adam Apfelblat 5140 Highland Road Waterford Phone: (248) Fax: (248)

TEXAS COLON & RECTAL SURGEONS, LLP HIPAA AND TEXAS LAW PRIVACY POLICIES AND PROCEDURES ADOPTED EFFECTIVE APRIL 1, 2003

Notice of Privacy Practices

HIPAA PRIVACY POLICY & PROCEDURE MANUAL

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

HIPAA Notice of Privacy Practices

HIPAA Omnibus Notice of Privacy Practices Effective Date: March 03, 2012 Revised on: July 1, 2015

CROSSROADS HOSPICE HIPAA PRIVACY NOTICE

HIPAA Notice of Privacy Practices HAND & MICROSURGERY ASSOCIATES, INC.

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX Main Fax

Notice of Privacy Practices Of Melissa Gressner, PsyD

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

JEWISH FAMILY SERVICE NOTICE OF PRIVACY PRACTICES

Genworth Life Insurance Company Genworth Life Insurance Company of New York NOTICE OF PRIVACY PRACTICES

HIPAA Notice of Patient Privacy Practices

Notice of Privacy Practices

Effective Date: March 23, 2016

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA CHECKLISTS DEVELOPING YOUR HIPAA DOCUMENTS PRACTICAL TOOLS AND RESOURCES. MASSACHUSETTS MEDICAL SOCIETY Getting Ready for

Pulmonary Associates of Richmond, Inc. Notice of Privacy Practices Page 1 of 6

Notice of Privacy Practices

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

PRIVACY NOTICE. In certain situations, we may also disclose patient information to another provider or health plan for their health care operations.

Notice of Privacy Practices for Protected Health Information (PHI)

HIPAA Employee Training Guide. Revision Date: April 11, 2015

The HIPAA privacy rule established federal law to help protect the use and disclosure of patient information. The privacy rule prohibits a covered

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

Health Information Privacy Refresher Training. March 2013

NOTICE OF PRIVACY PRACTICES Walter Chiropractic Clinic, 5219 Peters Creek Rd Ste 5, Roanoke VA 24019

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices. Human Resources Division Employees Benefits Section

SOUTH CAROLINA PUBLIC EMPLOYEE BENEFIT AUTHORITY (PEBA) NOTICE OF PRIVACY PRACTICES

Mohammad Djafari Pediatric Kennedy Parkway. Cortland, New York Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

UNITED CEREBRAL PALSY OF NORTHWEST MISSOURI NOTICE OF PRIVACY PRACTICES EFFECTIVE DATE: OCTOBER 22, 2014

HIPAA Privacy Rule Primer for the College or University Administrator

Policies and Procedures Audit Checklist for HIPAA Privacy, Security, and Breach Notification

There are three sections to HIPAA the Privacy Rule, the Security Rule, and the Transaction Rule.

Notice of Privacy Practices

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER

Business Associate Agreement

This Notice describes Hill-Rom s practices regarding the use of your Protected Health Information, specifically including:

NOTICE OF PRIVACY PRACTICES

HIPAA HITECH PA Physician Practices

Kiran Mishra, Ph.D. Licensed Clinical Psychologist. Sugar Land, TX (832) TEXAS NOTICE FORM

Chief Privacy Officer Christian Brothers Services 1205 Windham Parkway Romeoville, IL

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL Fax HIPAA Notice of Privacy Practices ( Notice )

Transcription:

PATIENT RECORDS PRIVACY POLICIES AND PROCEDURES FOR HIPAA COMPLIANCE (4/03) Use and Disclosure of PHI: Protected Health Information ( PHI ) may not be used or disclosed in violation of the Health Insurance Portability and Accountability Act ( HIPAA ) Privacy Rule (45 C.F.R. parts 160 and 164) (hereinafter, the Privacy Rule ) or in violation of state law. Blue Ridge Neuropsychological Associates, P.A. is permitted, but not mandated, under the Privacy Rule to use and disclose PHI without patient consent or authorization in limited circumstances. However, state or federal law may supercede, limit, or prohibit these uses and disclosures. Under the Privacy Rule, these permitted uses and disclosures include those made:? To the patient? For treatment, payment, or health care operations purposes, or? As authorized by the patient. Additional permitted uses and disclosures include those related to or made pursuant to:? Reporting on victims of domestic violence or abuse, as required by law? Court orders? Workers compensation laws? Serious threats to health or safety? Government oversight (including disclosures to a public health authority, coroner or medical examiner, military or veterans affairs agencies, an agency for national security purposes, law enforcement)? Health research? Marketing or fundraising. Blue Ridge Neuropsychological Associates, P.A. does not use or disclose PHI in ways that would be in violation of the Privacy Rule or state law. Blue Ridge Neuropsychological Associates, P.A. uses and discloses PHI as permitted by the Privacy Rule and in accordance with state or other law. In using or disclosing PHI, Blue Ridge Neuropsychological Associates, P.A. meets the Privacy Rule s minimum necessary requirement, as appropriate Use and Disclosure of PHI Minimum Necessary Requirement: When using, disclosing or requesting PHI, Blue Ridge Neuropsychological Associates, P.A. makes reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request. Blue Ridge Neuropsychological Associates, P.A. recognizes that the requirement also applies to covered entities that request my patients records and requires that such entities meet the standard, as required by law. The minimum necessary requirement does not apply to disclosures for treatment purposes or when Blue Ridge Neuropsychological Associates, P.A. shares information with a patient. The requirement does not apply for uses and disclosures when patient authorization is given. It does

2 of 6 not apply for uses and disclosures as required by law or to uses and disclosures that are required for compliance with the Privacy Rule. Steps taken to Insure Compliance: The following questions and information will help you to write procedures for your office that meet the Minimum Necessary Requirement.? Steps taken to limit disclosures: Disclosure will be made on a case-by-case basis using the criterion of whatever is reasonably necessary to accomplish the purpose for which the request is made.? Exceptional Instances: Blue Ridge Neuropsychological Associates, P.A. may rely, if such reliance is reasonable under the circumstances, on a requested disclosure as the minimum necessary for the stated purpose, if the PHI is requested by another covered entity, by a public official (who represents that the information requested is the minimum necessary), or by a researcher (with appropriate documentation). Blue Ridge Neuropsychological Associates, P.A. may rely, if such reliance is reasonable under the circumstances, on a requested disclosure as the minimum necessary for the stated purpose, if the PHI is requested by a member of my staff or business associate. Blue Ridge Neuropsychological Associates, P.A. will not use, disclose, or request an entire medical record, except when the entire medical record is justified as the amount that is reasonably necessary to accomplish the purpose of the use, disclosure, or request. Use and Disclosure of PHI Psychotherapy Notes Authorization: Blue Ridge Neuropsychological Associates, P.A. abides by the Psychotherapy Notes authorization requirement of the Privacy Rule, unless otherwise required by law. In addition, authorization is not required in the following circumstances:? For our use for treatment? For use or disclosure in supervised training programs where trainees learn to practice counseling? To defend ourselves in a legal action brought by the patient, who is the subject of the PHI? For purposes of HHS in determining our compliance with the Privacy Rule? By a health oversight agency for a lawful purpose related to oversight of our practice? To a coroner or medical examiner? In instances of permissible disclosure related to a serious or imminent threat to the health or safety of a person or the public. All patients that are being considered for psychotherapy will be given a form explaining HIPAA compliance and asked to provide signed an authorization agreement, which is kept in the patient chart. The patient may revoke an authorization at any time in writing, except to the extent that Blue Ridge Neuropsychological Associates, P.A. has, or another entity has, already taken action in reliance on the authorization.

3 of 6 Patient psychotherapy notes will be kept separately from the normal medical record, and are the responsibility of the treating clinician. Notes from completed cases will be stored in a separate file cabinet or box. Psychotherapy notes may be released only when a valid authorization has been signed by the patient and received by our office. An authorization is considered valid when: 1. It is completely filled out and contains no false information 2. It is separate from other authorizations (i.e., not a blanket release) 3. Is written plain language that is unlikely to mislead the patient. 4. It contains a statement adequate to put the patient on notice that: a. he or she may revoke the authorization in writing and either exceptions to such right and a description of how to revoke, or a reference to revocation in the notice provided to the patient. b. treatment, payment, enrollment, or eligibility for benefits may not be contingent on the authorization c. protected confidential information could possibly be redisclosed by other and no longer protected by the rule 5. A valid authorization must also contain the following specific information: a. A description of the information to be used and disclosed that identifies the information in a specific and meaningful fashion. b. The name or other specific identification of the person(s), or class of persons, authorized to make the requested use and disclosure (i.e., From information).. c. The name or other specific identification of the person(s), or class of persons, to whom the requested use and disclosure will be made (i.e., To information). d. A description of each purpose of the requested use or disclosure. The statement at the request of the individual is a sufficient description of the purpose when a patient initiates the authorization and does not, or elects not to, provide a statement of the purpose. e. An expiration date that relates to the individual or the purpose of the use or disclosure. f. A signature (or if signed by a personal representative, a description of authority to sign) and date. Patient Rights Notice: As required under the Privacy Rule, and in accordance with state law, Blue Ridge Neuropsychological Associates, P.A. provides notice to patients of the uses and disclosures that may be made regarding their PHI and our duties and patient rights with respect to the notice. Blue Ridge Neuropsychological Associates, P.A. makes a good faith effort to obtain written acknowledgment that our patients receive this notice.? Blue Ridge Neuropsychological Associates, P.A. provides notice to patients on the first date of treatment. In an emergency situation, Blue Ridge Neuropsychological Associates, P.A. provide notice as soon as reasonably practicable. (This first date of treatment timing requirement applies to electronic service delivery, and a patient may request a paper copy of notice when services are electronically delivered.)

4 of 6? Except in emergency situations, Blue Ridge Neuropsychological Associates, P.A. makes a good faith effort to obtain from a patient written acknowledgement of receipt of the notice. If the patient refuses or is unable to acknowledge receipt of notice, Blue Ridge Neuropsychological Associates, P.A. documents why acknowledgement was not obtained.? Blue Ridge Neuropsychological Associates, P.A. promptly revises and distributes notice whenever there is a material change to uses and disclosures, patient s rights, my legal duties, or other privacy practices stated in the notice.? Blue Ridge Neuropsychological Associates, P.A. makes notice available in our office for patients to take with them and posts the notice in a clear and prominent location. Patient Rights Restrictions and Confidential Communications: The Privacy Rule permits patients to request restrictions on the use and disclosure of PHI for treatment, payment, and health care operations, or to family members. While is not required to agree to such restrictions, Blue Ridge Neuropsychological Associates, P.A. will attempt to accommodate a reasonable request. Once Blue Ridge Neuropsychological Associates, P.A. has agreed to a restriction, we. may not violate the restriction; however, restricted PHI may be provided to another health care provider in an emergency treatment situation. A restriction is not effective to prevent uses and disclosures when a patient requests access to his or her records or requests an accounting of disclosures. A restriction is not effective for any uses and disclosures authorized by the patient, or for any required or permitted uses recognized by law. The Privacy Rule also permits patients to request receiving communications from us through alternative means or at alternative locations. As required by the Privacy Rule, Blue Ridge Neuropsychological Associates, P.A. will accommodate all reasonable requests. Patient Rights Access to and Amendment of Records: In accordance with state law, the Privacy Rule, and other federal law, patients have access to and may obtain a copy of the medical and billing records that Blue Ridge Neuropsychological Associates, P.A. maintain. Patients are also permitted to amend their records in accordance with such law. Patient Rights Accounting of Disclosures: Blue Ridge Neuropsychological Associates, P.A. provides patients with an accounting of disclosures upon request, for disclosures made up to six years prior to the date of the request. While Blue Ridge Neuropsychological Associates, P.A. may, we do not have to provide an accounting for disclosures made for treatment, payment, or health care operations purposes, or pursuant to patient authorization. Blue Ridge Neuropsychological Associates, P.A. also do not have to provide an accounting for disclosures made for national security purposes, to correctional institutions or law enforcement officers, or that occurred prior to April 14, 2003.

5 of 6 Business Associates: Blue Ridge Neuropsychological Associates, P.A. relies on certain persons or other entities, who or which are not my employees, to provide services on our behalf. These persons include a billing service, collection agency, answering service, and nursing homes that we serve. Where these persons or entities perform services, which require the disclosure of individually identifiable health information, they are considered under the Privacy Rule to be my business associates. Blue Ridge Neuropsychological Associates, P.A. enters into a written agreement with each business associate to obtain satisfactory assurance that the business associate will safeguard the privacy of the PHI of my patients. Blue Ridge Neuropsychological Associates, P.A. relies on business associate to abide by the contract but will take reasonable steps to remedy any breaches of the agreement that Blue Ridge Neuropsychological Associates, P.A. become aware of. Enclosed are copies of the completed contracts. Administrative Requirement Privacy Officer: Blue Ridge Neuropsychological Associates, P.A. designates Mark R. Hill, Ph.D. as privacy officer, who is responsible for the development and implementation of the policies and procedures to protect PHI, in accordance with the requirements of the Privacy Rule. As the contact person for clinical practice, the privacy officer receives complaints and fulfills obligations as set out in notice to patients. Administrative Requirement Training: As required by the Privacy Rule, Blue Ridge Neuropsychological Associates, P.A. trains all staff members as necessary and appropriate to carry out their functions on the policies and procedures to protect PHI. Blue Ridge Neuropsychological Associates, P.A. has the discretion to determine the nature and method of training necessary to ensure that staff appropriately protects the privacy of my patients records. Administrative Requirement Safeguards: To protect the privacy of the PHI of my patients, Blue Ridge Neuropsychological Associates, P.A. has in place appropriate administrative, technical, and physical safeguards, in accordance with the Privacy Rule. Administrative Requirement Complaints: The privacy of my patients PHI is critically important for relationships with patients and for clinical practice. Blue Ridge Neuropsychological Associates, P.A. provides a process for patients to make complaints concerning adherence to the requirements of the Privacy Rule. Administrative Requirement Sanctions: Although Blue Ridge Neuropsychological Associates, P.A. will apply appropriate sanctions against a member of our staff who fails to comply with the requirements of the Privacy Rule or my policies and procedures, we may not apply sanctions against an individual who is testifying, assisting, or participating in an investigation, compliance review, or other proceeding.

6 of 6 Administrative Requirement Mitigation: Blue Ridge Neuropsychological Associates, P.A. mitigates, to the extent possible, any harmful effect that Blue Ridge Neuropsychological Associates, P.A. becomes knowledgeable of regarding use or disclosure, or business associate s use or disclosure, of PHI in violation of policies and procedures or the requirements of the Privacy Rule. Administrative Requirement Retaliatory Action and Waiver of Rights: Blue Ridge Neuropsychological Associates, P.A. believes that patients should have the right to exercise their rights under the Privacy Rule. Blue Ridge Neuropsychological Associates, P.A. does not take retaliatory action against a patient for exercising his or her rights or for bringing a complaint. Of course, Blue Ridge Neuropsychological Associates, P.A. will take legal action to protect ourselves, if Blue Ridge Neuropsychological Associates, P.A. believes that a patient undertakes an activity in bad faith. Blue Ridge Neuropsychological Associates, P.A. will not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against a patient for exercising a right, filing a complaint or participating in any other allowable process under the Privacy Rule. Blue Ridge Neuropsychological Associates, P.A. will not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against a patient or other person for filing an HHS compliance complaint, testifying, assisting, or participating in a compliance review, proceeding, or hearing, under the Administrative Simplification provisions of HIPAA. Blue Ridge Neuropsychological Associates, P.A. will not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against a patient or other person for opposing any act or practice made unlawful under the Privacy Rule, provided that the patient or other person has a good faith belief that the practice is unlawful and the manner of opposition is reasonable and does not involve disclosure of PHI. Blue Ridge Neuropsychological Associates, P.A. will not require a patient to waive his or her rights provided by the Privacy Rule or his or her right to file an HHS compliance complaint as a condition of receiving treatment. Administrative Requirement Policies and Procedures: To ensure that is in compliance with the Privacy Rule, Blue Ridge Neuropsychological Associates, P.A. has implemented policies and procedures to ensure compliance with the privacy rule. Administrative Requirement Documentation: Blue Ridge Neuropsychological Associates, P.A. meets applicable state laws and the Privacy Rule s requirements regarding documentation.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information