HIPAA In the Cloud - Part 2: Resources
Disclaimer: Neuropsych Now offers the following article and related HIPAA and HITECH articles as sources of information only. Articles are not intended to provide definite, complete advice for adherence to the HITECH Final Rule 2013 changes. Neuropsych Now is not providing professional advice, and are not HIPAA gurus.
The previous post covered fundamental issues related to storing, maintaining, and transferring PHI. This post provides resources specific to the Privacy & Security rules.
Resources to Read
For the next 3 days, take 30 minutes each day to read these:
- Surprisingly readable, this is a comprehensive Guide to Privacy and Security of Health Information from the Office of the National Coordinator for Health Information Technology.
- For an excellent list of resources, head over to their main resources page.
- For reference, here is the link to the HIPAA Health Information Technology page.
Resources to Use
We all provide patients with information about privacy practices (right?). HITECH, however, changes the how, what, when, why and where of exchanging ePHI. As a result, private practitioners and hospitals alike must update their Notice of Privacy Practices. Trying to determine what specific information should go into such a notice from reading the HITECH documentation could be challenging.
The American Psychological Association has put together a package of model privacy notices that are compliant with the upcoming changes. Importantly, there is an associated cost ranging from $225 to $600. Fortunately, there are some free resources that may get you where you need to go, including this model Notice of Privacy Practices, made available by the Department of Health and Human Services Office of Civil Rights. It’s not obvious, but you can download it and customize this form with your practice’s information. Just use a a PDF reader or an internet browser.
Stay tuned for more!