HIPAA & NOTICE OF PRIVACY PRACTICES
- HIPAA requires that the “Notice of Privacy Practices” be posted in a clear and prominent location in the organization, as well as posted on the organization’s website, if applicable, and all revised as needed to be current for clients to view and access.
- HIPAA requires that the “Notice of Privacy Practices” be available, upon request, to anyone who asks for it, and requires a direct treatment provider to give or send a copy of the organization’s “Notice of Privacy Practices” to each client on or before the first date of treatment service following the HIPAA Privacy Compliance deadline date of 4/13/03.
- The Federal HIPAA Regulations & Preamble (page 82551):
“Covered health care providers that have direct treatment relationships with individuals must provide the Notice to such individuals as of the first service delivery after the compliance date. Covered entity providers may satisfy this requirement by sending the Notice to all of their clients at once, by giving the Notice to each client as he or she comes into the organization, provider’s office or by being able to electronically download the Notice themselves off of our website.
Covered entity providers must prominently post the Notice where it is reasonable to expect that individuals seeking service from the provider are able to read the Notice. In the event of a revision to the Notice, the covered entity provider must promptly post the revision and make it available on site in the revised version, as well as update the notice on the website. There are three (3) requirements here: 1.) Send it or give it 2.) Post it, and 3.) Make it available to individuals on the website.
The HIPAA Privacy Regulations impose tough new restrictions on the notice, use, disclosure, accountability and possible sanctions for protected health information (PHI) by health care organizations and their employees. The HIPAA Privacy regulations define PHI as health information that’s individually identifiable and created or received by a health care organization.
VARIOUS “HIPAA COMPLIANCE” EDUCATION & GUIDELINES
- Complying with HIPAA (Health Insurance Portability and Accountability Act of 1996 federal regulations) is the responsibility of everyone, especially health care providers with access, use and disclosure abilities for client protected health information. Each individual is responsible for both the security and privacy of any protected health information of the clients that we serve, whether in verbal, written or electronic form.
- Loose lips and Lax procedures SINK health care operations and can result in civil and criminal penalties. The privacy regulations we will be following will only be the beginning of enhanced privacy protection of health information, and it is about preserving the trust that clients place in our health care delivery system.
- Minimum Necessary – Only authorized health care providers should have access to protected health information based on their job roles, their “need to know” principle and access should be “limited access” to information relevant to their care and treatment of individual clients related to your job for the intended purpose.
- General Confidentiality Communications, Privacy, Security, Behavior & Awareness –Verbal confidentiality is the responsibility of everyone to respect and limit disclosures of client’s private health matters in the workplace, limiting access, speaking in private areas with a low voice and protecting client’s health information
- Utilize Fax Cover Sheets, verify fax telephone numbers given, limit health information sending out the minimum necessary and use only client’s First Name on white boards and/or chart binder.
- Use of an individual’s health information should be for health purposes only, including treatment, payment and health care operations.
Our clients trust us to treat their PHI in confidence, and we must respect that trust.
Complaints & How to contact us
If you believe your privacy rights have been violated, you have the right to file a complaint by contacting the State Licensing Agency at the phone number indicated below. Jackson House will not retaliate against you for filing a complaint.
If you believe your privacy rights have been violated, you may make a complaint by contacting Community Care Licensing or the Secretary for the Department of Health and Human Services. No individual will be retaliated against for filing a complaint.
Community Care Licensing