Updating Your Notice of Privacy Practices for HIPAA
Keeping your HIPAA Notice of Privacy Practices up to date is crucial. Discover how Statusfi simplifies compliance—watch the video to learn more!
Referenced Links:
(Important note: Statusfi is available to ICS general and platinum members at NO additional charge. It was designed and developed and maintained by the ICS. There is no catch or upsell, and it is free to ICS members.)
Throughout time, it’s been easy to kind of create policies and set them on a shelf and forget that they’re there, but quite candidly, that just doesn’t work in many of the regulatory environments and requirements that we have in our practices. So one of the key things that we want to hit on today is your HIPAA Notice of Privacy Practices and that notification that you provide to your patients about everything that happens within your practice and how you protect their information.
Now, some of you probably have created this policy and you’ve left it on a shelf because you think, well, nothing has really changed. There’s been no new requirements. In fact, there’s a little bit of truth to the no new requirements and that the law was signed into existence back in 1996 everything kind of took place in 2003 there were some changes regarding breach notification of which should be updated in that policy In 2009 and then the major changes to security and other things changed in 2013 related to the High Tech Act and also the Omnibus Rule. And so lots of things have changed. But then you think, well, in the last 12 years, not a whole lot Marc. Here is the thing, has nothing changed in your practice? Now, if nothing has changed in your practice, and no new computer systems, no new business associates that you have to at least have included or what they’re doing included within your Notice of Privacy Practices, if nothing has changed at all in your practice in the last 12 years, and then maybe you’re okay. I’m going to guess that for about 99% of the practices out there, something has changed.
Have you hired a billing company? Did you start using a different contractor for something in your practices that may have required a new business associate agreement? Have you updated those, by the way? If you have made those changes, you need to look over your Notice of Privacy Practices and make sure that something there doesn’t need to be updated. Are you using patient portals or what other digital access are you providing medical records to your patients? Are you now sending things via email that maybe you didn’t back in 2004 when you originally created the policy, or even in 2013 when you updated it for the High Tech Act? Are you sending out appointment reminders, texts, emails, etc, whether yourself or through systems and is that included in your Notice of Privacy Practices? Have you moved? Has anything else changed in that regard? Do you have new measures in place where you’re protecting the patient’s data, and you know, at the end of the day, have you updated your Notice of Privacy Practices for any of these changes or any other litany of changes that may have happened in your practice that impact your patient’s records and your policies and procedures within your practice that need to be included inside of that Notice of Privacy Policy. Now, here’s the other thing, have you gone through and updated it also for the more recent changes regarding reproductive health that are required now and should have been in place back in December of 2004.
All of these things have to be changed, they have to be updated and have to be watched on a regular basis, and really, you should be reviewing it no less than about once a year. It doesn’t mean you have to actually make changes to it. You have to review it and make sure that it’s still current and accurate. You need to jump out there and take the time to do that. Now, we do have a tool that can help guide you through this process and make sure that you’re dotting your I’s and crossing your T’s, and that is the software that the Illinois Chiropractic Society developed for our members, called Statusfi and it is one of the components of it, not all of it, in fact, it’s just a small portion of it is HIPAA, and it will guide you through a lot of things HIPAA and making sure that your Notice of Privacy Practices is also up to date. There’s model language out there for you to use and members, you can download that in our forms and downloads as well.
Here’s the thing, have you posted it in your practice, in a prominent location where patients can see it? Is it on your website? And do you offer it? Do you have evidence that you’ve offered it to all of your patients, anytime that those changes have taken place, and for all of your patients, all of these things are required for your HIPAA notice of privacy policies, and so we want to make sure that you have that nailed down and updated, that it’s available to your patients, that it’s posted appropriately, and everything has been taken care of. Jump out there and do that. Don’t wait, don’t delay, and don’t say I’ll take care of that later this year, because we both know that probably that’s probably not going to happen. Procrastination isn’t going to help you make that good-faith effort to be able to get this sewn up and available to your patients appropriately. It’s a simple policy change, and you can make sure it aligns with your current policies, procedures, and practices in your office. Hopefully, this helps you out, and we’ll catch you next week.