Corporate Compliance

HIPAA Q&A: Are annual HIPAA updates necessary?

Compliance Monitor, November 30, 2011

Q: Our HIPAA updates generally occur when a change occurs in a patient’s family (e.g., separation, divorce, death). Should this occur more frequently? We’ve reviewed the regulations and found nothing that mandates regular updates. Nor have we found forms to facilitate regular updates.

A: No rule requires you to reissue the Notice of Privacy Practices on a regular basis. You are required to provide the notice at the beginning of care and to obtain written acknowledgment of its receipt or document efforts to do so if a patient declines. If you revise the notice, you must post this information and inform your patients how to obtain a copy of the revised notice. However, many practices ask patients to sign new consent forms annually. This is not required, but doing so provides an opportunity to distribute additional copies of the notice.

Ensure that you post your notice in your reception area and on your website. Remember that the purpose of the notice is to explain to patients how your facility uses their information; the more you educate patients about this, the better.

Editor's note: Chris Simons, RHIA, director of utilization management and HIM, and privacy officer at Spring Harbor Hospital in Westbrook, ME, answered this question. This information does not constitute legal advice. ¬Consult legal counsel for answers to specific privacy and security questions.

Most Popular