Beginning April 14, a notice of the facility's policy with respect to PHI is required to be presented to the resident on or before the first time services are delivered to that resident. For a nursing facility, that generally would be at the time of admission. The receipt of the privacy notice must be acknowledged in writing, but the facility does not have to explain the notice or otherwise elaborate on its contents. Facilities also must post a copy of the privacy notice in a prominent location where it is reasonable to expect that the residents will see it. Copies of the notice also must be provided to anyone who requests one; the notice must be posted and available on the facility's Web site, if the facility has one.
For record-keeping purposes, the facility must put a copy of the current notice in every resident's file and maintain a copy of each version of the notice in the facility's business files.
* A statement as a header and prominently displayed must declare: "THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY."
This requirement is easily followed, but note that the statement must be in all caps and worded exactly as set forth above.
* Information that other disclosures and uses will be made only with the resident's written authorization and that he or she may revoke this authorization.
This information can be placed anywhere in the document and can state that revocation is possible, and the request for revocation must be in writing.
* Statement that describes the resident's rights concerning his or her PHI and how those rights maybe exercised, such as (i) to request restrictions concerning certain uses and disclosures of PHI, (ii) to receive confidential communications of PHI, (iii) to inspect and copy PHI, (iv) to amend PHI, (v) to receive an accounting of disclosures of PHI, and (vi) to obtain a paper copy of the privacy notice on request even if the individual has agreed to receive the notice electronically.
Again, this provision will result in a lengthy disclosure. Under section i, the facility wants to make clear that while the resident can request that PHI not be disclosed, the facility is under no obligation to grant the request. Medicare and Medicaid facilities can state that there are times when the request cannot be honored-including emergencies, if the resident is being transferred to another healthcare facility, or the disclosure is required by law. Under section iii, remember to indicate that if the resident wants copies of his/her medical record, HIPAA allows the facility to charge a reasonable copying fee. Section iv indicates that amending PHI is allowed, and requests for amendment should be made in writing with information to support the requested change. The accounting provisions listed under section v should be conditioned, and the policy should state that an accounting can only go back six years, and that no accounting will be given for disclosures for reason of treatment, payment, or healthcare operations; for disclosures made to the resident, the resident's legal representative, or any other individual involved in the resident's care; for disclosures to law enforcement officials; or for disclosures for national security purposes.
* The facility is required by law to maintain the privacy of the resident's PHI with a list of the duties and practices of the facility with respect to PHI; and further, the facility is required to abide by the terms of the notice currently in effect. The notice should state that the facility reserves the right to change the terms of its notice and to make new notice provisions effective for all PHI that it maintains. The facility must also describe how it will provide residents with a revised notice.
Facilities can choose to use a "layered notice," where this information is included on a summary page (or first layer) along with a summary of the resident's rights, then have a "second layer" that contains all of the elements required by the Privacy Rule.
Sandra K. Battaglia, Esq., is of counsel with Balick & Balick, Wilmington, Delaware. She practices primarily in the area of health law where she regularly counsels Long-term care organizations and other healthcare providers in regulatory compliance matters, including HIPAA, corporate compliance, and state and federal regulations. To comment on this article, please send e-mail to firstname.lastname@example.org.
|Printer friendly Cite/link Email Feedback|
|Author:||Battaglia, Sandra K.|
|Date:||Mar 1, 2003|
|Previous Article:||Designing a better bathroom: making bathrooms and toilet rooms safer and more comfortable. (Feature Article).|
|Next Article:||Westminster-Canterbury on Chesapeake Bay. (Design Center).|