Updated: Dec 30, 2020
The Privacy Rule requires of the average health care providers or health plans to:
Notify patients about their privacy rights and how their information will be used. They can accomplish this task through the Notice of Privacy Practices.
Adopt and implement privacy procedures for their practice, hospitals or health plans.
Train their employees about those privacy procedures.
Designate a privacy official to ensure adoption of, and compliance to those privacy procedures.
Secure patient records in such a way that those who do not need to know the information contained in the records, do not have access to those records.
The Privacy Rule is flexible in the sense that it allows health care providers and health plans to create their own privacy procedures that are suitable to their size and needs. The Privacy Rule is scalable, compared to any single standard, in its efficient and appropriate means to safeguard protected health information.
For example: The Privacy Official may carry many other non-privacy related hats. The Privacy official may be a part-time at a small clinic, or full-time position at a large health care organization.
The training requirements, at a small clinic, may be satisfied though distribution of a copy of its privacy policies to all new members of its workforce, and documentation of their reviewing of those policies; whereas live instruction, video presentations, or interactive software programs may be the training practice at a large health plan or health care organization.
The volume of health information maintained will vary from one practice to another, from one health plan to another, based upon their size. So will the traffic from within and the outside of the health care system. Thus, the number of policies and procedures will also vary. #hipaa, #hipaacompliance, #privacy, #security, #trainings, #policiesandprocedures