• E-mail
• Print
• RSS

Have there been any changes to HIPAA?

Healthcare Auditing Weekly, May 17, 2004

Q: It's been one year since the privacy rule kicked in. Are there any changes to the rule? Do I need to be doing anything more in my organization?

A: Although HHS reserves the right to make annual changes to the rule, there are none so far. That's the good news for organizations struggling to keep up. However, you are required to keep your privacy and security programs active. Continue to monitor and improve your programs. Don't let your organization think of privacy and security as one-shot efforts.
This one-year anniversary is an excellent time to perform a review of your privacy practices. News reports continue to indicate that some organizations need fine tuning.

For example, patients in several facilities are not being told that they have several choices under the privacy rule when it comes to being listed in directories and on clergy lists. Further, the implications of an opt-out choice are not always fully explained.

Some facilities still do not have a procedure for handling patient-authorized visitors when the patient has opted out of a directory. The privacy rule is meant to benefit patients, not harm them. The fallout could be an upset patient or family, and result in a complaint filed with HHS.
The one-year mark is also an opportunity for a work force privacy- and security-awareness refresher. Remember that people need reminders to learn and change behavior.

Editor's note: This question was answered by Kate Borten of The Marblehead Group, Marblehead, MA.

• E-mail to a Colleague
• Print
• RSS
• Archive