Staying HIPAA Compliant

 Hi this is Dave Kats, with Therapist Consultant and I have a tip for you.

Oftentimes we're asked, how do I stay HIPAA compliant? That's a weekend class and longer. In fact, if there's something that you need to hear every year. There are some basic things that you need to do just the basic basics to make sure that you at least have some of your bases covered. There are four forms that I'd like to talk to you about right now.
The first form is acknowledgment of receipt of privacy practices. Now I think that everybody uses, but you'd be surprised about one out of every 20 therapists is still not having patients fill out that form when you walk in the office. When the patient walks in the office the first thing they should be filling out is the acknowledgment of receipt of privacy practices policy. Which means you have offered them a copy of your privacy policy.
Now they sign that sheet, they sign about two-thirds of the way down. By the way, if they don't want to sign it, you just have to note that they refused to sign it and you can still treat them. I just want to tell you that. You should file that in their file folder in every case and every visit on the first visit on every patient.
The next form you need to have is the actual privacy policy. See, you had them sign a form that said we gave them the privacy policy. Now you have to give them the privacy policy. A lot of times the privacy policy is about five or six pages long. If you say I don't know where to get a privacy policy, just look on any therapists website because by HIPAA law, you have to have your privacy policy on your website.
It's usually on the front page down in the footer area, but it can be different areas other than that. You have to have a privacy policy in your office. It can be printed off that you give everybody a copy. Most people don't want it. You're going to have it laminated so they can look at it, but at least you have to have it there so it's available for them. That's the second form. The first one is the acknowledgment of receipt of privacy practices. The second one is actually the privacy policy itself.
The third thing you have to have is a HIPAA manual. Now it's very important to have a HIPAA manual. I suppose you can go online if you're not a client of ours and buy templates someplace and rearrange it a little bit. If you're a client of ours of course just download off our website and cut and paste, switch out the names and make it specific to you, a very easy task to do, but you have to have a HIPAA manual.
I had one office that came in, they were checked out by HIPAA. The compliance asked where the manual's at, when they showed them where the manual's at they just thumb through the manual and said okay and that's all they wanted to see. Now that's the third one. The fourth thing you have to have is business associate agreements. I talked about this a little bit a few weeks ago. You have to have business associate agreements which is just a five or six-page form that you have businesses sign that are doing business with you if they have any chance of seeing your patient records.
So if it's a software company or a hardware company that you're using, they might see your patient records. They have to sign a business associate agreement form with you. Now most HIPAA manuals have that as one of their forms. In fact, I imagine they all have them as one of their forms. You'll find that a lot of software companies and hardware companies they get asked for it so often that they have made their own form and they'll just send you one.
If you have a software company like Therapy Appointment or Therapy Notes or someone like that, you just ask them to send you their HIPAA, the associate business form and they'll send it to you. It's something that you can just download right where you're at. Now those are the four forms, though certainly won't in themselves make you HIPAA compliant but it will bring you a long ways as far as HIPAA forms are concerned.

This is Dave Kats. Thanks for listening.