I’m currently in the process of opening up a chiropractic office.
What do I have to do to become HIPAA compliant? Do I (and my employee)
have to take any type of test/training/fill out anything or is it just a
matter of doing certain procedures in my office the right way?
Here is a simple test to see if a person, business, or agency is a covered health care provider.
You must have a Notice of Privacy Practices available for all of your patients and document their signature. This NPP tells your patients how your office uses and discloses their protected health information. Education for all of your staff and documentation is mandated. We recently developed a training booklet for physician office practices, which provides scenario-based training for staff on HIPAA awareness. You will also fall under the HIPAA security regulations and will need to train on these issues as well. Policies and procedures need to be developed to comply with HIPAA regulations and tracking mechanisms should be instituted.
There is no specific test that must be completed, although you must document your training and your employee’s training and maintain that documentation for 6 years. You must also show ongoing training by documenting these efforts as well. HIPAA states that all employees must be trained on your HIPAA-specific policies and procedures. As far as documents for compliance, there is not one document that must be completed that states you are in compliance. Your compliance will be shown by many efforts and documentation of those efforts such as acknowledgement of receipt from your patients of your NPP, signed authorizations for release of information other than for treatment, payment, or health care operations, and policies and procedures for privacy rights, etc.
Unfortunately, this is only scratching the surface, but do not let this overwhelm you. This process can be made scalable for your individual office. (Posted 5/29/03)
Could you please advise me as to whether or not to have physicians sign
a confidentiality statement each time with their reappointment or to have
them sign a confidentiality agreement that would uphold during the entire
time they are employed with our organization? I would like them to but I
am having trouble finding documentation that supports this. Could you
If you choose to go the route of Business Associate instead of considering those employees part of your staff you will definitely need a Business Associate Contract with Target Optical. If Cole Vision/National has access to any records containing protected health information (PHI) you will also need a Business Associate Contract with that company as well. (Posted 5/15/03)