This Policy Manual addresses compliance with federal and state law concerning privacy of medical records for your clinical care Center.
The HIPAA Privacy Rule sets standards that apply to records held by health care providers across the nation. State law sets standards for records held by doctors, hospitals and other health care providers within the state. Most health care providers must follow both the HIPAA Privacy Rule and state law. We have used Massachusetts law as an example of applicable state law. Therefore, if you hire legal counsel to tailor this form document to your situation, then your attorney may search for the Massachusetts law examples as illustrations of places where specific state law should be inserted.
For your convenience, we have highlighted sections of the Manual to which you should pay particular attention (i.e., names and dates relevant to you), and have highlighted updates relating to 2009 federal legislation (the American Recovery and Reinvestment Act of 2009).
The file is provided as a Word document for easy editing.

Chapter 1 — Introduction and Basic Policies
- Where HIPAA Applies
- Administrative Requirements
- Designated Privacy Officer & Complaints Contact Person

Chapter 2 — Procedures for Patient Privacy
- Background - Patient Confidentiality
- Before Provision of Care - Authorizations Obtained on First Visit
- Ongoing Forms for Communicating with Patient about PHI Authorizations/Disclosures
- Policy/Procedure Re: Authorization for Release of Medical Records
- Policy/Procedure Re: Authorization to Obtain Medical Records
- Policy/Procedure Re: Amendment of Records
- Policy/Procedure Re: Disclosure of Records
- Policy/Procedure Re: Legal Considerations
- Policy/Procedure Re: Access Without Consent
- Policy/Procedure Re: Accounting for Access

Chapter 3 — Business Entities/Business Associate Procedures

Chapter 4 — Security & Electronic Transaction Standards

Chapter 5 — HIPAA Compliance Administrative Policies
- Policy/Procedure Re: Patient Complaints Procedure
- Policy/Procedure Re: Managing a Breach in Patient Confidentiality
- Policy/Procedure Re: Maintaining & Updating Privacy Policies & Procedures

HIPAA Forms
- Patient Forms (completed by patients as needed)
  - PF 1: Notice To Patients
  - PF 2: General Authorization For Release Of Medical Records
  - PF 3: Disclosure To Family/Friends
  - PF 4: Restriction On Use And Release Of Medical Records
  - PF 5: Specific Authorization For Release Of Medical Records
  - PF 6: Request For Amendment Of Medical Record
  - PF 7: Authorization To Obtain Medical Records
- Staff/Provider Forms (to communicate with patients as needed)
  - SF 1: Granting Of Request By Patient For Disclosure
  - SF 2: Denial Of Request By Patient For Disclosure
  - SF 3: Response To Request To Amend Records
  - SF 4: Notice Of Amendment To Medical Record
  - SF 5: Accounting For Access Provided To Medical Records
- Business/Management Forms (for internal management of confidentiality)
  - BF 1: Privacy Officer
  - BF 2: Contact Person Identification Form
  - BF 3: Administrative Complaints Form
  - BF 4: Business Associate Agreement
  - BF 5: HIPAA Training Attendance Log Sheet
  - BF 6: HIPAA Annual Training Schedule
  - BF 7: Electronic Standards Compliance Letter To Billing Company