HIPAA Final Rule Templates and Requirements
The HIPAA Final Rule brought many changes to the game. To be fully compliant, Covered Entities now need to have some specific things in place (as of September 23rd, 2013). The list is too long to cover completely here, but here are some basics, likely to be added to your Privacy and Disclosure documents, that you should be sure you have covered:
- Clients now have the right to require you to not release any information to their health insurance plan if they pay for services directly. Previously, providers had discretion in this. Now, the client is in complete control.
- There are further restrictions regarding marketing communications. These are mostly aimed at practices like pushing pharmaceuticals a doctor gets kickbacks for. The wording is general enough that non-prescribing providers need to be aware of it as well.
- Providers now have only 30 days to provide PHI when requested by a client.
- Sale of PHI is forbidden. There are exceptions for de-identified PHI, but there are potential concerns there as well.
- Business Associates are now directly liable for compliance. It’s important to revisit your Business Associate Agreements with vendors to ensure they have adjusted them to account for their new responsibilities.
This is only a sampling of what Covered Entities need to do to maintain compliance. I encourage you to research the topic fully and consult with your HIPAA-knowledgeable attorney. Here are some other useful links:
- The AMA’s summary of the Final Rule
- Updated HIPAA Privacy Notice Templates (Developed by the ONC and OCR)
And remember, with HIPAA, it’s all about the documentation. Document, document, document! And, of course, I’m available for consultation!
About the Author
Rob has been covering technology and business news for mental health professionals since 2011. His extensive experience in IT, business, and private practice allows him to synthesize information in a friendly, digestible manner. He also enjoys time with his family, ultimate frisbee, and board gaming.