How Many Times Have You Heard the Word HIPAA?
And ... What Can You Do to Prepare for It?
We all know that privacy rules will have to be implemented in medical practices soon, based on the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Still, many will be caught off guard. Don't let your practice be one of them. Before time runs out, your office manager should investigate and work toward developing a plan to be in full operation by April 2003. But don't wait until then to expand your employees' awareness and basic knowledge.
Yes, you will need to develop and adhere to a manual of privacy policies and procedures. New forms will be implemented, such as a notice of privacy practices, patient consent and authorization forms, request for limitations and restrictions of protected health information (PHI), request to inspect and copy protected health information, request for amendment of PHI, business associates contracts, and so on. However, nothing will be as crucial as your employees' understanding of what patient confidentiality and privacy mean.
When we train medical office employees, we teach them a golden rule: Common sense is not so common.
Use Your Common Sense!
Here are some examples:
These two people had access to this privileged information in the course of their employment, and their actions are definitely a breach of confidentiality. Do their employers have a confidentiality agreement in place? Are the employees aware that what they said might result in termination of employment?
New employees and volunteers should attend an orientation session to understand the ethical responsibility of maintaining patient privacy. Employees and volunteers gain access to personal and medical information regarding a patient and information about your practice that otherwise they would not have obtained. Your employees' and volunteers' files should contain a confidentiality agreement designed to protect both patient and practice information from being shared outside the office.
Throughout the day, we may be leaking patient information without our knowledge. The window that separates the reception area from the waiting room is not sound-proof-receptionists should not relate to other employees, or to anyone, patient information so loudly that other patients can hear. And doctors should be sure to dictate in a private area. Other suggestions include:
Under the privacy rule, physicians have the right to use and disclose patient medical information in order to carry out treatment, payment, or health care operations (also known as TPO), with the written consent of the patient. Make sure that there is a signed consent form in the patient's chart.
Remember the three monkeys, See no evil, Hear no evil, Speak no evil? Make sure your office handles information in such a tactful way that unauthorized people cannot see, hear, or talk about your patients' medical information.
The U.S. Department of Health and Human Services' Office for Civil Rights provides guidance on HIPAA at www.cms.hhs.gov/hipaa/. For a copy of a confidentiality agreement, visit www.clinicalms.com, or you can find links to these documents on the Practice Management page at www.aahivm.org.
Germania R. Echeverry, C.P.C., Clinical Management Solutions, Inc., your hands-on consulting team
This article was provided by American Academy of HIV Medicine. It is a part of the publication The Nexus. Visit AAHIVM's website to find out more about their activities and publications.