HIPAA Omnibus Rule: How much time have you spent?

FierceHealthIT, one of the newsletters I monitor, just reported that the department of Health and Human Services Office for Civil Rights estimates that all healthcare organizations in total will spend 32.8 million hours implementing the new aspects of the HIPAA omnibus rule.

The bulk of that time–30.65 million hours–involves the dissemination and acknowledgement of privacy practices at provider offices, a notice published in the Federal Register reveals.

I recently went into a physicians office and needed to sign an acknowledgement that I had received their notice. Of course, I had not. I looked around to see if one was posted, as some offices do to make it a bit easier. When I did not spot one, I asked to see a copy. After a bit of rummaging in a desk drawer, I was graciously provided with a copy. It was a very nice, plain language policy that could easily have been framed and hung on the wall, or copied and included in the packet of materials I needed to sign. But it was not. I had to ask for it. In my humble opinion, that is not a dissemination of the privacy practices.

How does your organization handle this sharing of privacy practices? Do you provide a copy for every new patient when they arrive at your offices and complete your intake paperwork? Do your staff know exactly where it is located and just what it means in case they are asked? Have you forgotten all about this requirement that HIPAA places upon your organization?

I think this is especially important in behavioral health organizations where people are seen for sensitive reasons. Please share your strategies for disseminating your privacy practices. I would love to know how you handle this. Just enter your comments below.

0 thoughts on “HIPAA Omnibus Rule: How much time have you spent?

  • Susan Hasselle says:

    I offer each new patient a copy with the option of taking it home or not, and ask that they sign that I offered it to them. Most sign but aren’t interested in taking home the extra document of my privacy practices.

    • But what is it that they sign, the actual notice of privacy practices or a statement that they saw it. Some practices never show clients the notice. They just have them sign an acknowledgement that they saw the notice even though they have not done so.

  • Laura Morrison says:

    I just finished writing up the Privacy Practices policies and procedures, based on the ones that APA recommends. I revised my notice of Privacy Policies to hand out to patients in August. I’ve been giving it to new clients, but will make a push to give it to all clients starting this week, handing it to them directly, since I don’t see much point in posting a four-page notice. I have them sign a page stating that they received it, but that page also includes a place for them to list their email address if they don’t want to take home a paper copy, and I follow through by emailing the notice to them. Most prefer this option, and I figure I’m not slaughtering as many trees, but they have it if they want to refer to it. But compliance with this has taken hours and hours of my time.

    Laura Morrison

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.