BC Advantage

Page 42

HIPAA / Security

Does your doctor keep your Protected Health Information (PHI) Safe & Secure?

Today, I visited my local dentist office for a new patient consultation and to interview them before choosing them as my Covered Entity (CE). After examining the waiting room and completing the necessary paperwork, I was called into the treatment room.

During my appointment, I met several different staff members, including their office manager responsible for HIPAA, and finally, the provider. The rest of the visit went as most dental exams do—no need to say more! After asking the office manager different questions about their Notice of Patient Practices (NPP), I decided the practice did not understand—or were choosing not to practice—HIPAA Privacy & Security responsibilities. I’d like to tell you that I only had to do this one time before I found a CE I trusted with my care and HIPAA Privacy & Security information, but sadly no, that was not the case. I interviewed four different practices and only one of them would I trust and recommend with my information and care.

I share this information with you to help you learn what to look for when you visit your next provider of care. The first question to ask yourself upon choosing a CE is: Did your CE provide you with their NPP? CEs are required to provide their patients with an NPP in plain language that provides:

• A description of how the practice uses or discloses (shares) your PHI.
• The CE’s legal duties with respect to the information, including a statement that the CE is required by law to maintain the privacy and security of PHI.
• How you will be promptly alerted if a breach occurs that may have compromised the privacy or security of your information.
• Assurance that the CE will not use or share your information other than as described in the NPP unless you instruct them in writing that they are allowed. If you consent, you may change your mind at any time, in writing.
• The individual’s rights with respect to the information and how the individual may exercise these rights, including how the individual may complain to the CE.
• A list of contacts for additional information about the CE’s privacy policies.

BC Advantage Magazine, www.billing-coding.com

A CE must follow the duties and privacy practices described in the NPP and give you a copy of it. A CE must make its notice available to anyone who asks for it. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. A CE must prominently post and make available its notice on any website it maintains that provides information about its customer services or benefits. The NPP must also include an effective date.

For more information, see 45 CFR 164.520(b) for all the NPP requirements: https://www.gpo.gov/fdsys/pkg/CFR-2011-title45vol1/pdf/CFR-2011-title45-vol1-sec164-520.pdf

Also see: Frequently Asked Questions about the Privacy Rule

Kimberly Shutters, Founder and CEO of HIPAA Alli, established in 2013, assists Covered Entities (CE), Business Associates (BA), medical device manufacturers, and health application developers/vendors in administering their HIPAA/HITECH Privacy & Security Compliance activities. http://hipaaalli.com/

