The HIPAA Privacy Checklist
Federal HIPAA privacy regulations mandate that all covered entities MUST:
• Designate a privacy official responsible for developing/implementing HIPAA policies and procedures;
• Document policies and procedures with respect to PHI showing compliance with the HIPAA privacy regulations;
• Make reasonable efforts to limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose of the use or disclosure;
• Provide a process for access to the individual’s health information;
• Develop a system for tracking disclosures of PHI, with some exceptions for payment, treatment, or health care operations related disclosures;
• Provide a process for individuals to amend their health records when appropriate;
• Develop business associate contracts/agreements that ensure business associates can comply with HIPAA;
• Mitigate, to the extent possible, any harmful effect that is known to the entity from a use or disclosure of protected health information (PHI) in violation of the entity's policies and procedures;
• Develop procedures for verification of the person requesting PHI and the authority of that person to have access;
• Provide a process for individuals to request alternative means of communication, to place restrictions on the use of their health information, and to make complaints concerning the covered entity’s policies and procedures or its compliance with such policies and procedures;
• Refrain from requiring individuals to waive the right to make a complaint to the covered entity or to the U.S. Department of Health and Human Services (DHHS) Office for Civil Rights as a condition of receiving treatment;
• Refrain from intimidating or retaliatory acts toward individuals exercising their rights granted under HIPAA privacy;
• Have in place appropriate administrative, technical, and physical safeguards to protect the privacy of PHI;
• Provide training for workforce members on the policies and procedures to protect health information;
• Apply appropriate sanctions against workforce members who fail to comply with the policies and procedures of the entity; and
• Develop and disseminate a privacy notice.