Hipaa Plain and Simple : A Compliance Guide for Healthcare Professionals

Dedication iii Foreword v Preface ix Acknowledgments xiii About the Authors xv HIPAA Overview 1(28) The Pathway to HIPAA 2(1) Basics of Administrative Simplification 3(4) Four Sets of Standards 7(1) Overview of the Four Standards 8(7) Transactions and Code Sets 8(2) Privacy Standards 10(1) Security Standards 11(3) National Identifier Standards 14(1) Who Must Comply? 15(3) Benefits to the Practice Can Be Substantial 18(2) Implementation May Take a While 20(1) Enforcement 21(3) Everyone Has a Specific Role 24(1) Risk Management 25(4) From Patient Eligibility to Claim Payment 29(28) The Eligibility to Claim Payment Process 30(6) Creating New Patient Records 32(1) Verifying Records for Returning Patients 33(1) Understanding the Medical Record 33(1) Ensuring Quality Control of Health Information 34(2) A Brief Overview of Transactions 36(1) A Brief Overview of Coding 36(3) HIPAA Transactions and Code Set Standards 39(1) Covered Transactions 40(15) General Provisions 41(3) Code Sets 44(3) Transaction Standards 47(1) Health Claims or Equivalent Encounter Information 47(3) Eligibility for a Health Plan, Inquiry, and Response 50(2) Healthcare Claim Status, Inquiry, and Response 52(2) Referral Certification and Authorization 54(1) Identifiers 55(2) The Privacy Team 57(66) Start With the Basics 58(11) A Quick Overview of the Privacy Rule 58(1) Patient Rights 59(4) What Does It Mean to Be a Covered Entity? 63(1) Who's Enforcing the Privacy Rule? 64(1) Protect Patient Confidentiality 65(1) Designate a Privacy Official 66(2) Designate a Privacy Team 68(1) Develop a Budget and Time-and-Task Chart 68(1) Start Now---Right Now 68(1) Develop Your Notice of Privacy Practices 69(3) Know How and When to Distribute the Notice of Privacy Practices 70(1) What to Do if Patient Refuses to Sign 71(1) Revising the Notice of Privacy Practices 72(1) Get to Know the Six Patient Rights 72(12) A Patient Can Make a Request to Any Staff Member 74(1) Requests for Further Restriction 75(1) Request for Alternative Communications 76(1) Access to Information and Right to Copy 77(2) Request to Amend Protected Health Information 79(1) Accounting of Disclosures 80(2) File a Complaint 82(1) No Retaliation 83(1) No Waiver of Rights 84(1) Use and Disclosure of Protected Health Information 84(10) Map Out How Protected Health Information Flows Through Your Office 84(2) Permitted Incidental Disclosures 86(1) When Are You Required to Obtain Permission to Use or Disclose Protected Health Information? 87(4) Uses and Disclosures for the Public Good 91(2) Minimum Necessary 93(1) Review and Implement HIPAA's Administrative Requirements 94(14) Designate a Privacy Official 95(1) Designate One Person to Be the Contact Person to Receive Complaints 95(1) Develop HIPAA Policies and Procedures 95(2) Revising Your Policies and Procedures 97(1) Develop Documentation Procedures 97(1) Workforce Training 98(1) Develop Internal Sanctions If an Employee Breaches Privacy Policies 98(1) Develop a Process to Mitigate Breaches 99(2) Develop Administrative, Technical, and Physical Safeguards 101(7) Special Requirements 108(5) Verify the Identity of the Person Who Requests Access to Protected Health Information 108(1) Verify Personal Representatives 109(1) Minimum Necessary Special Requirements 110(1) Special Requirements for Marketing 110(1) Psychotherapy Notes 111(1) Policies and Procedures Consistent with Notice of Privacy Practices 112(1) State Laws 112(1) Develop Business-Associate Contracts with Your Vendors 113(3) Contents of the Business-Associate Agreement 115(1) Deadline for Business-Associate Agreements 115(1) Work with Legal Counsel to Assess Your Compliance Status 116(1) Train Your Staff 116(4) Implement Your Plan and Evaluate Your Compliance Status 120(3) Security 123(40) About HIPAA's Security Rule 125(6) Security Standards 131(3) General Rules 132(2) Administrative Safeguards 134(17) Standard: Security-Management Process 135(2) Standard: Assigned Security Responsibility 137(2) Standard: Workforce Security 139(2) Standard: Information Access Management 141(1) Standard: Security Awareness and Training 142(3) Standard: Security Incident Procedures 145(1) Standard: Contingency Plan 146(2) Standard: Evaluation 148(1) Standard: Business-Associate Contracts and Other Arrangements 149(2) Physical Safeguards 151(6) Standard: Facility Access Controls 152(2) Standard: Workstation Use 154(1) Standard: Workstation Security 155(1) Standard: Device and Media Controls 155(2) Technical Safeguards 157(6) Standard: Access Control 157(1) Standard: Audit Controls 158(1) Standard: Integrity 159(1) Standard: Person or Entity Authentication 160(1) Standard: Transmission Security 160(3) Communicating HIPAA: Inquiring Patients Want to Know 163(20) Why Talk about Communication in a HIPAA Book? 164(1) What HIPAA Says about Oral and Written Communication 165(3) Oral Communications in the Medical Office 165(1) Written Communications in the Medical Office 166(1) Incidental Uses and Disclosures 167(1) How the Staff Can Confidently Deal with HIPAA 168(2) What Patients Want to Know about HIPAA 170(3) Customize Your Internal and External Communication Plan 173(4) Develop an Internal Communication Plan 173(2) Develop an External Communication Plan 175(2) HIPAA Crisis-Communications Management 177(6) HIPAA Compliance Costs and Return on Investment 183(14) Questions to Ask as You Build a Budget and Determine Your Return on Investment 184(1) Putting Your Team Together 184(1) How Much Will You Save? 185(1) Will E-Communications Enhance or Detract from Patient Relationships? 186(1) Internal Investment versus Outsourcing 187(1) Costs of Technology versus Costs of Policies and Procedures 188(3) How to Use Your Workforce to Reinvent the Future 191(2) Raising the Bridge and Lowering the River 193(1) Your Accountability with Other Healthcare Paradigm Shifts 194(1) Going Forward 195(2) Appendix A 197(30) Notice of Privacy Practices Required Language 198(3) Notice of Privacy Practices Receipt 201(1) Request to Access Records 202(1) Sample Authorization 203(2) Request to Amend Records 205(2) Request to Restrict Uses and Disclosures of Protected Health Information 207(2) Request for Alternative Communications 209(2) Sample Complaint Form 211(1) Follow-Up on Privacy Complaint 212(1) Medical Privacy---National Standards to Protect the Privacy of Personal Health Information: Sample Business Associate Contract Provisions 213(6) Privacy Official Job Responsibilities 219(2) Security Official Job Description 221(3) Twelve-month Training Calendar 224(3) Appendix B 227(6) Check for Understanding Self Test 227(5) Answers to the Check for Understanding Self Test 232(1) Glossary 233(12) Index 245