6 Ways to Stay HIPAA Compliant

At the 20th Annual Ambulatory Surgery Centers Conference in Chicago on Oct. 25, Holly Carnell and Meggan Michelle Bushee, associates with McGuireWoods law firm in Chicago, discussed developing practical HIPAA compliance plans for ASCs.

Earlier this year, HHS released a new HIPAA final rule to implement new provisions as part of the HITECH Act. The Omnibus final rule went into effect Sept. 23, and Ms. Carnell discussed how this rule has impacted ASC policies and procedures. Such changes included:

•    Breach standards were updated with more objective standards and lower thresholds for disclosures to rise to the level of a breach
•    Changes to business associate provisions
•    Individuals have the right to obtain
•    Broader disclosure rights with decedents' personal health information

Here are six suggestions from Ms. Carnell and Ms. Bushee on ASCs complying with HIPAA regulations.

1. Update all posted privacy policies with HHS' new notice of privacy practices. Retain all old copies of privacy policy notices, which can be requested during an audit.

2. Review all business associate agreements to properly protect patient PHI. Not only should old business associate agreements be replaced, but new agreements may need to be crafted for vendors not previously included in the definition.

3. Continuously strive to train employees. By sending out monthly corporate compliance and HIPAA update emails with reminders on how to dispose of PHI or communicate over the phone, ASCs can fulfill requirements for compliance training. Ms. Bushee reminds ASCs to log and document all training.

4. Refrain from letting any paper documents leave the surgery center. Make all workstations lock when inactive and have locks on all filing cabinets.

5. Be aware of telecommunication protocols. When leaving voicemails for patients, be general and leave only the patient's name, the name of the center, contact information and appointment time, if applicable. Do not provide information as to the reason for the visit without disclosure.

6. Use encrypted emails and always double-check attachments and email addresses before sending PHI. Avoid putting PHI in the subject line and do not include information on HIV, substance abuse or mental health in the message.

Copyright © 2024 Becker's Healthcare. All Rights Reserved.