Health Information Management

TIP: Create written policies

HIM-HIPAA Insider, December 21, 2009

Editor’s note: This is the fifth and final in a series of tips in HIPAA Weekly Advisor about preventing breaches. Next week, we begin a series of tips on handling an actual breach.

Prepare written policies that address the process for internal reporting. Consider what potential breaches need to be reported internally and to whom individuals should report these violations. Set time frames for reporting.

“In some cases, you don’t want to wait for the investigation team’s full report,” says Andrew E. Blustein, Esq., partner and cochair of Garfunkel, Wild & Travis’ Health Information and Technology Group in Great Neck, NY; Hackensack, NJ; and Stamford, CT. “Sometimes you want a flash report.”

This material is an excerpt from the HCPro, Inc., white paper, “HHS Breach Notification Interim Final Rule. Form Your Incident Response Team, Set Policies and Procedures to Comply with New Federal HIPAA Regulations.”

Most Popular