Road to HIPAA Compliance: Privacy Rule – Privacy Notices and Consumer Complaints

by KirkpatrickPrice / May 25th, 2016

What is the Privacy Rule?

If you’ve been following along with our Road to HIPAA Compliance webinar series, congratulations – we’ve made it to the middle of the road! We are halfway to knowing all about HIPAA compliance. In this session, we’re covering the Privacy Rule, Notice of Privacy Practices, and handling consumer complaints.

The Privacy Rule exists so that patients know they have rights, and that those rights are respected. Patients have rights to know how an entity plans to use their PHI, rights regarding their own PHI, rights to ask questions, and they have rights to make complaints. The Privacy Rule is designed to govern the Uses and Disclosures of PHI, cover individual’s rights with respect to their own PHI, and lay out the responsibilities of entities to maintain PHI. Your organization needs to know what the Privacy Rule is to fully understand how the Notice of Privacy Practices fits in.

The Notice of Privacy Practices is the method used for communicating patient rights to patients. This document establishes the basis for a patient’s understanding of what will happen with their PHI. If we are to effectively communicate those rights, we need to understand that this notice is not an opportunity to get creative or have a lot of leeway. It is required to use plain language, boilerplate headings, and to include the required content and recommended formatting. In this webinar, we discuss the best practices for four areas of required content for Notice of Privacy Practices:

  1. Uses and Disclosures: describe the uses and disclosures of PHI for treatment, payment, and operational purposes, plus give an example for each purpose.
  2. Individual Rights: list their rights with respect to PHI, including their right to authorize uses and disclosures.
  3. Choices: inform patients about the choices they have about disclosing their PHI; for example: which family members do you give the right to disclose PHI to?
  4. Responsibilities: define the responsibilities of the entity with respect to the PHI; requirement by law to maintain privacy and security of patients’ PHI.

We also want to help you navigate how to acknowledge consumer complaints. Your organization needs to be fair, thorough, and consistent. You should give notice of how to submit a complaint and have channels for receiving, accepting, responding to, and documenting consumer complaints. There are also some things you absolutely cannot do. For example, you cannot discourage complaining in any way or retaliate against a patient for filing a complaint.

Listen to the full webinar to hear more about design, timeliness, limitations, and more for Notice of Privacy Practices. For help drafting your organization’s Notice of Privacy Practices, contact us today to speak to an expert.