HIPAA Policies and Procedures Templates | HIPAA Compliance for Medical Practices | Scoop.it

HIPAA Policies and Procedures Templates are form documents that relate to a particular area of HIPAA compliance.

 

HIPAA Policies and Procedures templates provide information on what an organization must do to be compliant in that area. As an example, HIPAA Policies and Procedures Templates include a Policy and Procedure Template for Breach Notification.

 

The template contains general language about how to detect and report a breach. 

What Should Be Included in HIPAA Policies and Procedures Templates?

For a healthcare organization to meet HIPAA compliance requirements, its physicians, nurses, other medical staff, and any other employees who may encounter protected health information (PHI) or electronic protected health information (ePHI) must understand what their job roles allow them to do.

 

HIPAA Policies and Procedures Templates include, for example, a policy and procedure for the HIPAA “Accounting of Disclosures” provision of the HIPAA Privacy Rule. This provision requires healthcare organizations to give patients an accounting of entities and persons to whom the organization has sent patient PHI.

 

When a patient requests an accounting, the healthcare organization must have a policy, or overall principle, about accountings of disclosures. This principle can be put in writing, as something along the lines of “The law requires us to provide patients with the names of people and organizations we have given their PHI to. The law also requires that we let patients know what PHI we disclosed.” 

 

The organization can only handle specific patient requests once it has implemented a series of processes for doing so. These processes are called procedures.

 

A procedure is a series of steps allowing for the organization to provide the accounting. Procedures that are required in the accounting of disclosures context include procedures for determining who is qualified to answer a request (so that only people whose job duties require access to PHI can answer), what requests require the organization to provide the accounting and what requests the organization need not provide an accounting for, how the accounting is to be provided (i.e., by first-class mail, overnight mail, fax with a HIPAA compliant fax cover sheet), and when (within what timeframe) the accounting must be provided.

 

The organization must also have a process in place that addresses what it must do when a patient complains that the accounting he or she received was not complete, or did not contain required information.

Using HIPAA Policies and Procedures Templates, which require that the same process be followed each time a patient makes a request, ensures the organization will consistently and accurately meet its compliance requirements.