Cornish: Although the Notice of Privacy Practices
as contributing entities may not specifically mention a CDW, any patient who has been treated at one of these entities will have data deposited in the data warehouse.
(81) Regardless, GLBA still provides some improvement with respect to notice of privacy practices
by requiring that privacy policies be "reasonably understandable," which eliminates a substantial barrier for consumers, who are often faced with privacy policies that are difficult to locate and understand.
For example, in a recent random survey of about 40 patients, several individuals said that their provider representative gave directives such as, "You need to sign this HIPAA thing," when handed the Notice of Privacy Practices
. The great majority of participants indicated that the provider's focus was on signing the form, not on explaining their privacy rights.
* Ensuring that a pharmacy's notice of privacy practices
is readily understood.
Instead, providers would be required to make a good faith effort to obtain the patient's written acknowledgement (45 CFR [section] 164.520(c)(2)(B)(ii)) of receipt of the notice of privacy practices
. The version also emphasized the providers' obligation to use and disclosure only the "minimum necessary" (45 CFR [section] 164.514(d)) information needed to effectuate the care, payment or health care operation associated with that exchange.
The notice of privacy practices
must reflect more stringent state laws, and the privacy policies and procedures need to include compliance with all relevant laws and regulations, including appropriate state laws, Ms.
* Notice of Privacy Practices
: Upon first contact with a new patient, a Notice of Privacy Practices
must be presented to advise the patient of his/her rights under HIPAA.
For the purposes of HIPAA and information of this type, the employer is required to provide a "notice of privacy practices
" to employees, as well as additional confidentiality and security protections for the information provided.
Table 1 HIPAA: Privacy Requirements, Related Policies, and Compliance Privacy Requirement Related Policy(s) Notice of Privacy Practices
* Upon admission, all patients will receive a copy of the Notice of Privacy Practices
that describes how their PHI will be used and disclosed and their rights with respect to this information.
To avoid a logistical nightmare on April 14, many pharmacies intend to begin providing their notice of privacy practices
to patients and begin collecting signed acknowledgments from them well in advance of the compliance date.
For the privacy regulations, health care providers have to develop a notice of privacy practices
to be distributed to patients, customers or beneficiaries under a covered health plan.
* eliminates the requirement that providers obtain consent for treatment, payment, or healthcare operations; rather, providers will need to make a good-faith effort to obtain a patient's written acknowledgment of receipt of the provider's notice of privacy practices
(assuming, of course, that the provider has created such a notice).