HIPAA
jeanj
48 Posts
I know this is going to sound stupid, but I am totally confused as to what a small employer is suppose to do with this new HIPAA privacy act. I know we have another year before it has to be implemented, but my big question is WHAT HAS TO BE IMPLEMENTED!! I know ee's records have to be kept separate from their personnel files, but do we have to have a separate Privacy Office, and a separate something else officer to help answer questions for our ee's regarding health insurance etc. I have looked at several sites but I can't make heads or tails of most of it. Your help will be much appreciated.
Comments
I know how you must feel. I work for a small home health agency and we had to comply with HIPAA. There is a good site to check at [url]www.hhs.gov/ocr/hipaa/assist.html[/url]. I do not know what type of company you work for, butI would be most happy to share our forms, policies and notice if you would email me at [email]cwinebarger@charter.net[/email]. Have you checked the other notices on here regarding HIPAA compliance? There have been some really good discussions and advice. If I can help, let me know. JThe info below is copied directly from the OCR site. Check the last 2 sentences and see if this might shed some light on your question.
Question
Generally, what does the HIPAA Privacy Rule require the average provider or health plan to do?
Answer
For the average health care provider or health plan, the Privacy Rule requires activities, such as:
- Notifying patients about their privacy rights and how their information can be used.
- Adopting and implementing privacy procedures for its practice, hospital, or plan.
- Training employees so that they understand the privacy procedures.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.
Responsible health care providers and businesses already take many of the kinds of steps required by the Rule to protect patients’ privacy. Covered entities of all types and sizes are required to comply with the Privacy Rule. To ease the burden of complying with the new requirements, the Privacy Rule gives needed flexibility for providers and plans to create their own privacy procedures, tailored to fit their size and needs. The scalability of the Rule provides a more efficient and appropriate means of safeguarding protected health information than would any single standard. For example,
- The privacy official at a small physician practice may be the office manager, who will have other non-privacy related duties; the privacy official at a large health plan may be a full-time position, and may have the regular support and advice of a privacy staff or board.
- The training requirement may be satisfied by a small physician practice’s providing each new member of the workforce with a copy of its privacy policies and documenting that new members have reviewed the policies; whereas a large health plan may provide training through live instruction, video presentations, or interactive software programs.
- The policies and procedures of small providers may be more limited under the Rule than those of a large hospital or health plan, based on the volume of health information maintained and the number of interactions with those within and outside of the health care system.
Carol
I am looking for about $0.50 worth of info.
DJ The Balloonman
Hey Balloonman, I am about zonked on HIPAA regs too. It is my understanding that anyone who has access to PHI must have some sort of compliance in place. Not all of the guidelines would apply to you, certainly not those related to hospital or patient care. I found a site that you can ask the feds directly what you need to do. Since I don't know your exact set-up, check at [email]OCRPrivacy@hhs.gov[/email]. I will be most willing to help you research if you will share a few more details about your company. Is this more than $0.50 worth? ha