HIPAAcomply FAQ's - Project Management

Project Management

I am writing a HIPAA privacy policy for my company (I work in Human Resources). Are there some examples of policies other companies have used that are accessible to me?
A Privacy Policy is not a cut and paste operation. The policy must reflect your organizations policies and procedures for individual processes. You can certainly get an idea of what some of these policies entail and can find books with many of these policies generalized. Some of these documents may also be found on the internet. I caution you to make these policies adaptable to your processes. Since you work in the banking industry, I suggest you start first with other banking organizations for assistance. (Posted 7/10/03)

I am starting my own private practice and want to ensure that I am complying with HIPAA standards. I have downloaded information re: standards and procedures. Do I need to take anymore steps (i.e. register with HIPAA)?
HIPAA really involves much more than a collection of policies and procedures. At a minimum, you really need to understand how the HIPAA regulations will apply to you. The term HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It was enacted by Congress and the Department of Health and Human Services. There is no "registration with HIPAA". HIPAA has three major components. The first, Privacy, goes into effect on April 14, 2003, and involves certain patient privacy and safeguard provisions that must be adhered to by providers and payers. The second, transactions and code set standardization, effective October 16, 2003, impacts those providers and payers who transmit electronically with each other. The third component, Security, will be effective in 2005. The major tenets of the security regulations involve certain policies and procedures governing the security of Protected Health Information.

The best place to start for you in your new venture would be to first gain an understanding of how the regulations will affect your practice and the steps needed to conform with the regulations. This is typically done through educational seminars, local provider and payer groups, attorneys and consultants. All of these entities and others could be valuable resources for your HIPAA compliance.

HIPAA has been called the most sweeping healthcare legislation in over 35 years. Going into it without understanding the ramifications could be perilous. (Posted 5/15/03)

Where can we find specific resources with regard to HIPAA guidelines for DME/Rehab equipment providers?
I wish I could offer a quick fix through a book but I have not found one that will produce results you need. It would better suit you to have someone do a one or two day audit, depending on the size of your facility, to capture your liabilities and offer solutions based on your situation and at the same time educate your staff. HIPAA is based on reasonable safeguards on an individual basis. (Posted 5/15/03)

Please advise what references I can use from the Public Library for compliance information for a small 1 doctor/1 billing person office.
I wish I could offer a quick fix through a book but I have not found one that will produce results you need. It would better suit you to have someone do a one or two day audit to capture your liabilities and offer solutions based on your situation and at the same time educate your small staff. HIPAA is based on reasonable safeguards on an individual basis. (Posted 5/15/03)