HIPAA Privacy
Privacy is a large part of HIPAA, more than most organizations realize. The law shifts the ownership of medical records from Providers to Patients and gives a patient certain rights:
- Use - Providers and Healthcare Plans must provide patients with a written Notice of Privacy Practices (NPP), which details how their data will be used.
- Inspection - Patients have the right to inspect and copy their own PHI.
- Correction - Patients have the right to request amendment to inaccurate or incomplete data. If the Provider or Plan refuses, the patient has the right to have the request noted in his/her file even if the data is not changed.
- Disclosure History - Patients have the right to know who received their PHI for purposes other than treatment, payment or healthcare operations.
- Restriction - Patients may request certain restrictions on who can use or view their data. If the provider agrees, it is bound to respect the restrictions.
- Revocation - Patients may revoke authorizations (in writing) without stating or proving a cause.
As a covered entity, you must document your policies and practices. Additionally, you are required to:
- Designate a Privacy Officer
- Train all members of your workforce in privacy rules (including those who do not directly handle records)
- Implement safeguards to protect records from misuse
- Develop sanctions for staff and business partners who violate your privacy policies and practices
- Provide a means for patients to lodge complaints and maintain records of complaints
Non-compliance is a serious Federal Offense:
- Maximum of $25,000 per person/entity per year per infraction type
- Maximum of $250,000 and up to 10 years in prison for knowingly using or disclosing PHI in ways that breach the regulations
Contact G&G Technologies, Inc. for assistance with your HIPAA Privacy Compliance. Our specialists can help you meet the April 14, 2003 deadline.