The Privacy Rule
The Privacy Rule requires Administrative, Physical and Technical Safeguards for PHI (protected healthcare information). The following list provides several ways the practice may provide such safeguards:
- Secondary exits to the practice should automatically lock from the outside.
- Laboratory specimen boxes kept outside the practice in a public area should be locked when specimens are inside, and the lab should deliver lab reports directly to the practice rather than leaving them inside the box.
- Patient records should always be protected from unauthorized access.
- If records are removed from the facility location, they must be tracked.
- Dictate Encounter information privately where it cannot be overheard by third parties.
- Computers, copy machines and fax machines should not be accessible to third parties. Copy machines generally contain memory software, which holds copies of every item copied on the machine. This memory storage must be deleted before the unit is sold or returned to a leasing company.
The HIPAA privacy rules are perhaps the most significant regulatory changes affecting healthcare practices in the last twenty years. With already heavy demands upon staff, few practices have become fully compliant with the HIPAA regulations.The new HITECH regulations compound this problem.
Perhaps you have found yourself asking such questions as:
- May I send medical records of a patient to another doctor's office without the patient's consent?
- May I send patient information via facsimile?
- Must I honor a patient's request to amend his/her medical record?
- What information must I keep to honor a patient's right to an accounting of uses and disclosures of protected health information (PHI)?
- Who must be able answer these questions in my practice?
Click below if you are interested in our HIPAA Compliance Program.