HIPAA compliance requires facilities to have privacy policy: with HIPAA's compliance date for the privacy standard on April 14, 2003, each facility must have a detailed privacy policy. A preparation guide. (Feature Article).The Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ) requires that all covered entities (most nursing facilities meet the definition of covered entity) provide a notice to patients (or residents) detailing the ways in which the covered entity will use or disclose the patient's protected healthcare information (PHI phi n. Symbol  The 21st letter of the Greek alphabet.PHI, n See health information, protected. ). PHI is defined as individually identifiable health information that relates to the past, present, or future physical or mental health of, or the provision of healthcare to, a patient or resident. With the arrival of HIPAA's compliance date for the privacy standard on April IA, 2003, each facility must have a detailed privacy policy in place. This article describes the elements of the privacy policy and discusses how facilities should prepare such policies so a final product is available for use on the compliance date. Beginning April 14, a notice of the facility's policy with respect to PHI is required to be presented to the resident on or before the first time services are delivered to that resident. For a nursing facility, that generally would be at the time of admission. The receipt of the privacy notice must be acknowledged in writing, but the facility does not have to explain the notice or otherwise elaborate on its contents. Facilities also must post a copy of the privacy notice in a prominent location where it is reasonable to expect that the residents will see it. Copies of the notice also must be provided to anyone who requests one; the notice must be posted and available on the facility's Web site, if the facility has one. If there is a material change to any part of the privacy policy, the notice must be revised, the new version posted, and information provided to residents that the new notice is available upon request. Facilities must provide the revised notice to the residents, but do not need to have residents who received an earlier version of the privacy policy acknowledge the receipt of the revised notice. For record-keeping purposes, the facility must put a copy of the current notice in every resident's file and maintain a copy of each version of the notice in the facility's business files. To assist in preparing the privacy policy, the regulations provide an outline to follow. Following is a list of the elements required by the HIPAA privacy regulations, along with commentary on each element. * A statement as a header (1) In a disk or tape file, a set of data that resides permanently at the beginning. It may be used for identification only (type of file, date of last update, etc.), or it may describe the structural layout of the contents, as is common with many document and database formats. and prominently displayed must declare: "THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY." This requirement is easily followed, but note that the statement must be in all caps and worded exactly as set forth above. * A facility's privacy policy must include information relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc the uses and disclosures of the individual's PHI, including a description and one example for each of the types of uses and disclosures that the facility is permitted to make for the purposes of treatment, payment, and healthcare operations; a description of each of the other purposes that the facility is permitted or required to perform without consent, such as public health, governmental health oversight
Oversight may refer to:
A "Captain's Mast", held by a commanding officer of a warship is one such proceeding. , law enforcement, and work-related illness or injury; and enough detail to clarify the uses and disclosures that are permitted or required by the Privacy Rule or other applicable laws. This section may be lengthy because it will list the multiple ways that PHI is used and disseminated disseminated /dis·sem·i·nat·ed/ (-sem´i-nat?ed) scattered; distributed over a considerable area. dis·sem·i·nat·ed adj. Spread over a large area of a body, a tissue, or an organ. . You may want to consider for inclusion in the privacy policy: treatment purposes including creation of the healthcare records at the facility and for referrals to other healthcare providers, payment purposes, or healthcare operations such as quality improvement, business associates, facility directory, notifications to family members, marketing, fundraising
* Information that other disclosures and uses will be made only with the resident's written authorization The right or permission to use a system resource; the process of granting access. See access control. and that he or she may revoke To annul or make void by recalling or taking back; to cancel, rescind, repeal, or reverse. revoke v. to annul or cancel an act, particularly a statement, document, or promise, as if it no longer existed. this authorization. This information can be placed anywhere in the document and can state that revocation The recall of some power or authority that has been granted. Revocation by the act of a party is intentional and voluntary, such as when a person cancels a Power of Attorney that he has given or a will that he has written. is possible, and the request for revocation must be in writing. * Statement that describes the resident's rights concerning his or her PHI and how those rights maybe exercised, such as (i) to request restrictions concerning certain uses and disclosures of PHI, (ii) to receive confidential communications CONFIDENTIAL COMMUNICATIONS, evidence. Whatever is communicated professedly by a client to his counsel, solicitor, or attorney, is considered as a confidential communication. 2. of PHI, (iii) to inspect and copy PHI, (iv) to amend PHI, (v) to receive an accounting of disclosures of PHI, and (vi) to obtain a paper copy of the privacy notice on request even if the individual has agreed to receive the notice electronically. Again, this provision will result in a lengthy disclosure. Under section i, the facility wants to make clear that while the resident can request that PHI not be disclosed, the facility is under no obligation to grant the request. Medicare and Medicaid Medicare and Medicaid U.S. government programs in effect since 1966. Medicare covers most people 65 or older and those with long-term disabilities. Part A, a hospital insurance plan, also pays for home health visits and hospice care. facilities can state that there are times when the request cannot be honored-including emergencies, if the resident is being transferred to another healthcare facility, or the disclosure is required by law. Under section iii, remember to indicate that if the resident wants copies of his/her medical record, HIPAA allows the facility to charge a reasonable copying fee. Section iv indicates that amending PHI is allowed, and requests for amendment should be made in writing with information to support the requested change. The accounting provisions listed under section v should be conditioned, and the policy should state that an accounting can only go back six years, and that no accounting will be given for disclosures for reason of treatment, payment, or healthcare operations; for disclosures made to the resident, the resident's legal representative, or any other individual involved in the resident's care; for disclosures to law enforcement officials; or for disclosures for national security purposes. * The facility is required by law to maintain the privacy of the resident's PHI with a list of the duties and practices of the facility with respect to PHI; and further, the facility is required to abide by To stand to; to adhere; to maintain. See also: Abide the terms of the notice currently in effect. The notice should state that the facility reserves the right to change the terms of its notice and to make new notice provisions effective for all PHI that it maintains. The facility must also describe how it will provide residents with a revised notice. Facilities can choose to use a "layered notice," where this information is included on a summary page (or first layer) along with a summary of the resident's rights, then have a "second layer" that contains all of the elements required by the Privacy Rule. Creating a privacy policy is not an easy task. It requires facilities to review and list the ways the facility uses and discloses PHI. By April IA, all facilities must have this notice of privacy policies prepared and available for new residents, as well as prominently posted in the facility. It is important that facilities begin to work on this notice as soon as possible so that internal and external review of the policy can be conducted before the policy is required. If you would like more specific information, visit the U.S. Department of Health and Human Services' Web site at www.hhs.gov/ocr/hipaa/privacy. html. Sandra sandra (sänˑ·dr  ),adj K. Battaglia Battaglia (Italian for Battle) can refer to a number of things:
n the provision of medical, social, and personal care services on a recurring or continuing basis to persons with chronic physical or mental disorders. organizations and other healthcare providers in regulatory compliance matters, including HIPAA, corporate compliance, and state and federal regulations. To comment on this article, please send e-mail to battaglia0303@nursinghomesmagazine.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion