• E-mail
• Print
• RSS

Weigh requirements, desire to keep patients informed when changing your notice of privacy practices

HIPAA Training Advisor, June 1, 2006

Since the privacy rule's compliance date, organizations have had a chance to see their programs in action. Today's better understanding of the rule and its requirements-as well as changes in state law-may necessitate updates to your notice of privacy practices (NPP).

However, you don't need to redistribute your new notice to every patient and obtain written acknowledgment of receipt all over again. It depends on your facility type.

The rules are different for health plans than they are for providers, says David J. Zetter, PHR, CHCO, CHCC, CPC, a consultant at Health Care Professional Management Services in Mechanicsburg, PA. Health plans must provide their NPP to all covered individuals within 60 days of a material revision, but HIPAA doesn't require providers to do the same when they make changes, he says. "In fact, doing so is a waste of time and money."

Use the following tips to ensure compliance and patient satisfaction regarding your NPP:

• Avoid noncompliance
  If you are a provider, you don't need to tell every patient about every change to your notice, says Zetter, but you do need to take the following steps:
  1. Begin handing out the revised notice to new patients
  2. Make the new notice available to existing patients
  3. Change the notice's effective date to the revision date
  4. Destroy all but one copy of your old notice to demonstrate prior compliance
  5. Replace old notices posted around your organization or on your Web site with the new one

  Doing the above ensures that you will remain in compliance with the privacy rule. But if you truly want to keep patients informed, you can further your efforts.

• Get the message out
  Just because HIPAA doesn't require providers to redistribute their NPPs, doesn't mean that you can't do it on your own, says Vicki Hohner, senior consultant at FOX Systems, Inc., in Scottsdale, AZ. Even if you decide not to, it's still a good idea to let patients know about changes, she says. "After all, one of the major goals of HIPAA is to have informed consumers."

  Simply posting your new notice on the wall or your Web site isn't enough because some patients won't notice it, says Hohner. Consider several methods for communicating changes (e.g., a note on sign-in sheets or bills, a postcard, or a short letter).

• Take into account the detail of changes
  Take into account how extensively you revise your NPP as you decide whether to go beyond HIPAA in notifying patients of the changes. "We probably won't alert patients if we make a minor change like correcting a typo," says Kathy Gilles, CHC, corporate compliance and privacy officer at Evergreen Healthcare in Kirkland, WA. "But we definitely will if we make a more significant change."

  For example, a change in state laws in which a new law is stricter than HIPAA, could cause the organization to change its notice, she says.

  If Evergreen Healthcare makes a significant change to its notice, it provides the new notice to new patients at various registration points and posts it in a prominent location and inside the facility. It also alerts patients of the change with a short blurb on its Web site and a story in its district newsletter, says Gilles.

• Maintain open communication with patients
  Your notice should state that your organization reserves the right to make revisions, and that you're not obligated by the privacy rule to alert patients of changes. But maintaining open communication will work to your advantage, she says. "When HIPAA first came out, we all experienced some misunderstanding on the part of patients. The more you can educate them, the better."

Editor's note: Adapted from "Weigh requirements, desire to keep patients informed when changing your notice of privacy practices," Briefings on HIPAA, May 2006.

• E-mail to a Colleague
• Print
• RSS
• Archive