Protecting our patients’ privacy is important to this practice. We also wish to make every effort to comply with state and federal privacy laws.
Rules:
- We are responsible for keeping our patients’ Protected Health Information (PHI) confidential. PHI includes all medical records and health information of an individual. PHI comes in many forms (paper, electronic and oral) and includes our computer files, paper files, computer disks or tapes, insurance statements, prescription forms, lab reports, correspondence from other doctors, patient forms, email, explanation of benefits notices, treatment authorizations, collection documents, conversations between doctors and staff, faxes regarding patients and so on.
- Our practice has a Privacy Officer, Dr. Sanders, who makes sure we comply with the privacy laws. See Dr. Sanders for any questions regarding patient information privacy. Send all information, questions and paperwork related to this policy to Dr. Sanders including patient forms, complaints, requests for file changes, questions, violation reports, contracts and requests for or access to PHI.
- All staff, including doctors, part-time staff and others who work here must be trained in the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule. Reading this policy is part of that training. You will be asked to sign a form stating you have read and understand your role in maintaining our patients’ privacy.
- All current patients and all future new patients will be given a copy of “Notice of Privacy Practices” that explains their rights according to the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule. We will ask each patient to sign the notice showing they received the notice and keep the form on file. Each patient may have a copy of the notice. This Privacy Notice is attached. Please read it to ensure you understand and will support our patients’ rights.
- PHI is available to those in the practice who need it to do their jobs. The Privacy Rule does not restrict its use in treatment, payment or routine healthcare operations. For example, when we refer a patient to another doctor, he or she can have as much access to PHI as he or she needs or wants. However, if you or others do not need access to PHI to do your job, your access is restricted.
- When we release PHI to non-healthcare people, we will only release the PHI that is needed for their purpose and only after the Privacy Officer and doctor approve the release. For example, if a patient wants a copy of his last five billing statements, that is all we provide. We do not give him a copy of his entire file unless he asks for it and even then, we may not give him everything as state and federal laws want the doctor to use judgement in giving PHI to patients (e.g., information that may harm the patient or someone else). As another example, if a life insurance company has signed permission from a patient to release his or her exam results, we only give the exam results.
- So when asked for PHI, simply get the request in writing and promise to pass it on to the Privacy Officer.
- Except for ourselves, we do not allow anyone to use our patient lists or information for marketing purposes.
- Outside firms and workers, who do not work here, may have access to PHI if they sign a Business Associate contract. For example, a software technician or consultant may look at PHI as long as he or she has signed the contract.
- Do your part to keep PHI private and secure. For example, follow all the procedures for security and privacy the Privacy Officer gives you. If you discuss cases outside the office, do not include anything that can identify the person, such as the individual’s name.
- Any violations of the Privacy Rule, the state privacy laws or this policy must be corrected. All violators will have reports of the violation filed in their personnel files. Repeat violations may result in a suspension or termination.
- If you see or know of a violation of this policy or the privacy laws, please report it to the Privacy Officer, preferably in writing. By law, you cannot be punished for reporting a violation.
- This practice can be fined and violators can be jailed for violations of this law. For example, if one of our staff members secretly made a copy of our overweight patients’ names and mailed a letter to these patients to sell a weight-loss product, that person could be fined and jailed by the government and then sued by the patients. The practice could also be penalized for hiring and trusting such a dishonest person. On the other hand, the lawmakers understand slips and mistakes are inevitable. For example, you may accidentally mention a patient’s name and condition to the wrong person. Just be sure to take steps to prevent similar mistakes in the future.