As a health care provider, it is your responsibility to be informed about the standards involving PHI under the HIPAA Privacy Rule. The HIPAA Privacy Rule details information on how protected information can be used and disclosed and what information is considered PHI. It also identifies the role providers have in informing patients of their privacy rights.
Health care providers have an obligation to provide their patients with a Notice of Privacy Practices. This notice, as required by the HIPAA Privacy Rule, gives patients the right to be informed about their privacy rights as it relates to their protected health information (PHI).
The main objective of the notice of privacy practices is to notify patients of their rights and how to exercise those rights. The notice should describe certain information in easy to understand terms:
- How the provider will use and disclose their PHI
- The rights patient's have regarding their own PHI
- A statement informing the patient of laws requiring the provider to maintain the privacy of their PHI
- Who patients can contact for further information regarding the provider's privacy policies
Before the first treatment of a patient, providers must present the notice before services are performed except in emergency situations. Patients must sign a written acknowledgement that they have received the notice of privacy practices. In emergency situations, providers are still required to attempt to provide the notice and have the patient sign the written acknowledgement.
Providers are not required to provide the notice of privacy practices each time a patient presents for treatment. HIPAA only requires a notice to be provided to patients once every three years or whenever changes are made to the notice.
The best way to make sure all of your patients are properly notified of their privacy rights are to post the notice in a highly visible location and have copies readily available for patients upon request.