1.
‘Are you a “Covered Entity” under HIPAA?
A. If yes—You are responsible for complying with the federal HIPAA and HITECH laws, as well as state confidentiality law. Continue answering the questions below.
B. If no—You must comply with state confidentiality law. Additionally, it is suggested that you review the questions below as the Privacy and Security Rules are floorsof confidentiality protection, and, as a psychiatrist, you are held to a much higher legal and ethical standards from protection of patient information.
C. If you do not know—HHS (the Department of Health and Human Services), responsible for enforcement of the Privacy and Security Rules, has created the following resources to assist you in determining whether you are a Covered Entity:
2.
Do you have your Privacy Rule policies and procedures documented?
A. Summary of the Privacy Rule from HHS: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
B. PRMS resource: In the HIPAA Help section of our website (https://www.prms.com/services/risk-management/hipaa-help), we provide checklists that might assist you in drafting policies as well as model forms (from 2003)
3.
Do you have your Notice of Privacy Practices?
Model from HHS: http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/model-notices-privacy-practices/
4.
Are your Privacy Rule policies and procedures being followed?
A. Are patients actually receiving your Notice of Privacy Practices?
B. Are all requests for restrictions considered?
C….