APAC: A subsidiary of FPIC Insurance Group, Inc.
Committed to bringing exceptional education, service, and peace of mind



















• Determine if you are a “covered entity”.
• Create a HIPAA reference and resource file.
• Review the Privacy Rule - become familiar with its terminology and definitions.
• Appoint a “Privacy Officer” for your practice.
• Review and implement Privacy Officer responsibilities.
• Conduct a walk-through of your practice to identify privacy risk areas.
• Review all forms of electronic communication to identify privacy risk areas.
• Compile a list of who in the Practice can “use” and “disclose” PHI and to what extent.
• Update and develop job descriptions pertaining to PHI use and disclosure.
• Obtain a signed Workplace Confidentiality Agreement from all levels of staff.
• Modify all forms and authorizations currently in use, if necessary.
• Develop a list of your “Business Associates”.
• Implement a Business Associate Contract.
• Implement a Notice of Privacy Practices.
• Implement Privacy Policies and Procedures.
• Implement a Patient Consent Form.
• Implement a Patient Authorization Form.
• Implement a Request for Restrictions On PHI Use and Disclosure Form.
• Implement a PHI Inspection and Copy Form.
• Implement an Access Denial Form.
• Implement a Request to Amend PHI Form.
• Implement an Accounting of PHI Disclosure Form.
• Implement a Patient Complaint Form.
• Consider providing patients HIPAA educational pamphlets or brochures.
• Post a copy of your Privacy Notice in a conspicuous location.
• Conduct physician/staff training covering HIPAA and your privacy policies.
• Measure Privacy Rule compliance – take corrective action.
• Seek legal or risk management guidance.

Disclaimer
NOTE: APAC provides HIPAA guidance as a benefit to its policyholders for educational and informational purposes only. Any representations or written reports rendered in conjunction with this benefit should not be considered a certification of HIPAA compliance nor should it be interpreted as offering legal, financial, or other professional services. Policyholders that are developing policies and procedures to comply with HIPAA’s Privacy Rule should seek legal and/or professional assistance to be sure that an appropriate compliance plan is implemented for their particular practice.
