FierceHealthIT, one of the newsletters I monitor, just reported that the department of Health and Human Services Office for Civil Rights estimates that all healthcare organizations in total will spend 32.8 million hours implementing the new aspects of the HIPAA omnibus rule.
The bulk of that time–30.65 million hours–involves the dissemination and acknowledgement of privacy practices at provider offices, a notice published in the Federal Register reveals.
I recently went into a physicians office and needed to sign an acknowledgement that I had received their notice. Of course, I had not. I looked around to see if one was posted, as some offices do to make it a bit easier. When I did not spot one, I asked to see a copy. After a bit of rummaging in a desk drawer, I was graciously provided with a copy. It was a very nice, plain language policy that could easily have been framed and hung on the wall, or copied and included in the packet of materials I needed to sign. But it was not. I had to ask for it. In my humble opinion, that is not a dissemination of the privacy practices.
How does your organization handle this sharing of privacy practices? Do you provide a copy for every new patient when they arrive at your offices and complete your intake paperwork? Do your staff know exactly where it is located and just what it means in case they are asked? Have you forgotten all about this requirement that HIPAA places upon your organization?
I think this is especially important in behavioral health organizations where people are seen for sensitive reasons. Please share your strategies for disseminating your privacy practices. I would love to know how you handle this. Just enter your comments below.