3 HIPAA Forms

hipaa Nov 26, 2019

Hi, I’m Dave Kats with Therapist Consultants. I have a tip for you.

Every once in a while we talk about keeping you HIPAA compliant. I want to start out today with the basics of the basics and talk about just three things you need -- really, three forms you need to be HIPAA compliant.

The first one is the Acknowledgement of Receipt of Privacy Practices, which is the one-page form that you have the patient sign when they come into your office the first day. If you're not doing that, you absolutely are not HIPAA compliant, and you need to start doing it right away. You need to start doing it immediately. It's a one-page form. Now remember, the patient has to sign that form. But sometimes mental health patients are a little concerned and a little apprehensive, and sometimes they won't want to sign a form like that. Well, that's okay. They don't have to sign the form. You just sign the form at the bottom where it says, "I offered them my privacy policy; they didn't want to sign this, but I offered it to them," and then you can go ahead and treat them. That's form number one, the Acknowledgement of Receipt of Privacy Practices. Now, what that Acknowledgement of Receipt of Privacy Practices is, is this: that one form that they sign says, "This office offered me a copy of their privacy policies."

Form number two: you have to have your privacy policies. That's probably going to be about five or six pages long. You can find them about anywhere. In fact, I have to tell you that it is a law -- the HIPAA law says that you not only have to have that available in your reception area for them, but you have to have it available on your website. You have to have number one, the one-page form they sign when they come in, which says that you have number two, this five- or six-page policy about your privacy that you can hand to them, or that you can have in a folder holder on the wall, or that you can have laminated so they can look at it and take a copy if they want. But you have to have the first form. You have to have the second form -- the Acknowledgement of Privacy Practices, and then the Privacy Practices themselves.

The third form that you have to have -- and this isn't the only form you have to have, but these are the three major ones -- is a Business Associate Agreement. Now, a Business Associate Agreement is basically this: it's a form that you have other businesses sign that come into your business and may have a chance to see your patients' files. Now, it seems like everybody has to sign a Business Associate Agreement, but that's not necessarily true. There are some people the government has excluded. For instance, if a business is just a conduit, you don't have to have them sign a Business Associate Agreement. For instance, the post office is just a conduit -- when you send a letter, they just take it and send it on. They're a conduit. They don't have to sign a Business Associate Agreement with you. Also financial institutions, because financial information is not part of the patient's PHI. Financial institutions do not have to sign a Business Associate Agreement with you. Then there's one other group that doesn't have to sign a Business Associate Agreement with you: if it's someone who will never have a chance of seeing your patient files, even though they may be in your office, then they don't have to sign a Business Associate Agreement either. In other words, the janitor wouldn't have to sign a Business Associate Agreement, or the electrician that came in, or a plumber that came in; they wouldn't have to sign Business Associate Agreements. Other than that, you should have all your businesses that see your patients' information sign this Business Associate Agreement. That means that they're responsible if they leak any of that information, and that exonerates you.

Now, you have to keep those Business Associate Agreements, and so we three-hole punch them and put them in the back of our HIPAA compliance manual that we have stored in our office. I would suggest you do that. In the back we have six or seven Business Associate Agreements in there, so that if we're ever checked by HIPAA, we then know that we are compliant with the business associate arrangement. You should do the same thing. Make sure you do use those three forms. It doesn't say that using those three forms will make you compliant, but without them you absolutely can't be compliant. Make sure you use those forms -- get them in play right away.

This is Dave Kats, thanks for listening.

