Bruce Merlin Fried and Henry J. Aaron speak at Dec. 9 audioconference, Health Reform Under President Obama: Likely Priorities and Time Frames for 8 Possible Initiatives

AIS Compliance Health Reform Pharmacy Benefit Consumer-Directed Care Compliance Market Data Health Plans
 HOME
 New on the Site
Customer Service
Sample Newsletters MarketPlace
AIS Products & Services

E-Savings Club weekly specials

Free E-Mail Newsletters
Health Business Daily
Government News
Sign Up for Free E-Mail Newsletters

Health Business Job Openings

Health Business Meetings

People on the Move
 
Health Plans
General Business Issues
Product News
Company Intelligence
Disease Management
Blue Cross and Blue Shield
Medicare Advantage
Managed Medicaid
Health Plan Products
 
Compliance
Compliance Strategies
HIPAA Resource Center
Government Resources
Compliance Products
 
Pharmacy Benefit
Pharmacy Benefit Mgmt.
Specialty Pharmacy
Drug Mgmt. Products
 
Consumer-Directed Care
Articles on CDH
CDH Data
CDH Products
 
Market Data
Health Plan Enrollment
Pharmacy Benefit Mgmt.
Data Products
 
Health Reform
Obama Administration
Federal Legislation
State Legislation
State Results
Association Positions
Research Organizations
 
MarketPlace
Newsletters
Web Services & Looseleaf Guides
Books & Reports, Directories & Databases
Live Meetings & Audioconferences
Alphabetical Listing
 

Health Care Links
 

 
Visit AISEducation.com for more news and strategic information for today's business leaders
 

HIPAA Compliance Strategies

Privacy Recordkeeping: The Paper Trails You Need to Document Compliance

Reprinted from the June 2005 issue of REPORT ON PATIENT PRIVACY, the industry's most practical source of news on HIPAA patient privacy provisions.

This checklist was prepared by Donald E. Koenig, Jr., vice president for corporate responsibility for Catholic Healthcare Partners in Cincinnati. Recordkeeping requirements listed below are required under HIPAA unless they are designated with an "O," which means they are optional (recommended by Koenig). Please note that this checklist pertains only to HIPAA privacy requirements and does not address security, TCS or other HIPAA issues.

Preparatory Paper Trails (maintain for six years).

    a. Appointment of key staff

  • Privacy officer
  • Privacy steering committee/work groups (O)

b. Risk assessments/gap analyses (O)
c. Action plans/accountabilities (O)
d. HIPAA-related policies/procedures
e. Business associates

  • Those with BA agreements (BAs) completed by 4-14-03
  • Those where BAAs will be completed by 4-14-04

    • f. Education and training

  • All present work force trained by 4-14-03
  • All new work force trained within a "reasonable" time of start date
  • All work force affected by a material change in policies/procedures trained within "reasonable" time.

    • g. Complaint process

  • Process, roles and responsibilities
  • Log

    • h. Readiness audits or surveys (O)

Ongoing HIPAA Compliance Paper Trails (to begin to build on April 14, 2003; maintain for six years).

    a. Staff appointments

  • Privacy officer
  • Contact person for information or complaints
  • Person to receive/process PHI access/copy requests
  • Person to receive/process PHI amendment requests
  • Person to receive/process accounting requests
  • Person to approve release of "de-identified" info
  • Person(s) to approve the validity and completeness of documents prior to release of PHI

    • b. Covered entity designations

  • Hybrid entities
  • Affiliated covered entities
  • OHCA (not required)

c. Education and training
d. Complaints

  • "Log of every complaint and its disposition"

e. Sanctions applied to any violator
f. Administrative, technical and physical safeguards
g. Policies and procedures
h. Notice of privacy practices, and all revisions
i. Patient acknowledgements

  • Copy of those received
  • Document reasonable efforts for those not received

j. Authorizations
u Revocations of authorizations
k. PHI access

  • Designated record set to which access will be granted
  • Access request extension responses
  • Denial of access requests

l. Agreements to restrict use or disclosure of PHI
u Termination or modifications of agreements
m. Requests to amend PHI
n. Response to extension notice for delay

  • Acceptance of amendment request
  • Denial of amendment request
  • Accounting for disclosures of PHI
  • Record entries of disclosures made that must be tracked and accounted for
  • Delay in responding notice
  • Copies of accountings provided

    • o. Written statements from law enforcement why an accounting of the disclosure to law enforcement would impede the agency's activities
    p. Documentation to support disclosure of PHI where authorization was not required

  • Verification of identity of requestor
  • Satisfactory assurances from court or administrative tribunal for disclosures without a subpoena or order
  • Research-related disclosures
  • Public health reporting to an employer — notice to the individual

    q. Business associate agreements
    r. Data use agreements for limited data sets
    s. Compliance reviews/investigations by OCR

 

High-Risk Areas in Medicare Billing - Compliance Auditing Tools for Hospitals and Health Systems

receive free reports

HIPAA & Medicare Compliance Resources

Advertise With AIS

Privacy

Site Map



Copyright © 2008 by Atlantic Information Services, Inc. All rights reserved.
1100 17th Street, NW, Suite 300, Washington, DC 20036
Phone 202-775-9008 or 800-521-4323; E-mail customerserv@aispub.com