Beating the April 14 Deadline:
Some resources to get you started or keep you going.

Perhaps you are running a little behind and need to get started with the HIPAA compliance effort or need some additional information about what you need to do. A good start is to take a look at the Ten Minute HIPAA Overview. It focuses primarily on the privacy provisions of HIPAA and gives you a quick look at what HIPAA is all about. If you want a more in-depth review, you can go to the web cast of the HIPAA Privacy Workshop held in Bismarck ND on November 26, 2002. You can view the entire three-hour workshop or those portions where you feel you need additional information.

The HIPAA Internet Resources gives you many references where you can go to get some manuals, view private and governmental websites, and find other resources to work your way through the HIPAA process. If you are short on the policies and procedures or forms needed to implement HIPAA look at some of the manuals available from national organizations and other sources. Sure, they may cost you a little, but non-compliance can cost you more. You can link to your State Pharmacy Association to see what materials they are offering and the assistance they can provide.

The Glossary of HIPAA Terms serves two purposes. It will give you knowledge of the terms that are used within HIPAA so you will know what is meant when they are discussed in the rules and various policies that you will need to develop. The second purpose is that in many cases the definitions can actually point out some specific actions you will have to take to become HIPAA compliant. They are an excellent resource for your efforts.

The Privacy Official is the person that gets your effort started. The Privacy Official Job Description: Position Overview is taken from the privacy regulations and spells out what the duties of the Privacy Official are. Remember that the Privacy Official needs to be appointed in writing. If you are hard pressed, take this job description, write the name of the person in your pharmacy who is going to be the Privacy Official, date it, and use the document as an appointment document and job description. You can dress it up with a cover notice type appointment and a more formal job description but this could do. Your Privacy Official duties can be performed by anyone in the pharmacy and work does not stop with the April 14 deadline. Your Privacy Official will have many things to do following the deadline and really needs to be the expert in your pharmacy.

You donít know what you have to fix with your privacy efforts until you do a Pharmacy Privacy and Security Walk-Through. This checklist gives you an idea of some things that need to be looked at so you can insure there are no gaps in your privacy efforts. The Privacy Official should make the walk-through and look at the pharmacy through the eyes of an outsider. Other members of the staff can do so as well. Remember that this should be a team effort and different perspectives will help you close all the privacy gaps that may exist in your pharmacy.

The Plan for HIPAA Privacy Compliance gives you a timetable to complete your efforts prior to April 14, 2003. The longer you wait, the more it will have to be compressed. You canít hide from the HIPAA Privacy deadline because all other healthcare providers have been busy doing the same things you are doing here. Patients will be receiving a variety of Notice of Privacy Practices from various sources and if you are not ready, you could become a target for legal action.

Policies, procedures, and forms drive HIPAA. The Documents, Policies, Forms and Letters To Be Developed pages outline the minimum that you should be developing. We have keyed the documents on this page to those templates that are available in the Agent 77 HIPAANow! Manual and the NCPA Handbook. You can develop these forms, letters, policies, and procedures from scratch or through some other sources. If you are hard pressed, one of the manuals listed may be the convenient way to go.

An important part of HIPAA compliance is to have your workforce trained. The training is not optional but you have the option of training different staff members related to the access they have to protected health information. The HIPAA Privacy Training discusses the privacy rules for training and the documentation required. You can train your workforce through a variety of sources ranging from automated Internet sites to paper documents that you develop in your pharmacy. An important part of the training is that one size does not fit all. Be sure to include your policies, procedures, forms, letters, and Notice Of Privacy Practices in all training efforts.

The Notice of Privacy Practices Ė General Information is a key point for HIPAA implementation and is the area of HIPAA that your patients will see first. This document outlines what must be included in the Notice of Privacy Practices (NPP) and describes how it is to be distributed. We have also discussed how the patient is to acknowledge receipt of the Notice and have included a sample NPP Receipt Acknowledgement Form. This form is a way that you can collect the names and then check them off as you enter the acknowledgements into your prescription filling software. Watch for electronic signature capture devices that are being introduced to take care of this for you. You only have to collect the acknowledgement once, even if you change your NPP at a later date. It is important that you retain the paper documents for six years but also show the acknowledgement in your software so you will know who has received the notice.

The Business Associate Contract is a complex requirement that in most instances requires April 14 compliance. The Business Associates overview provides some background on the Business Associate requirement. The Sample Business Associate Contract Provisions is taken from the final privacy rule and serves as an excellent template for Business Associate contracts that you will need to distribute to your software vendors an others who may use the protected health information from your pharmacy to assist you with your business activities. This section is very brief and you should look at additional resources to insure that you are completing this requirement accurately.

HIPAA LEGAL NOTICE: It is acknowledged that HIPAA, ASCA, and other regulations and statutes are law, and that all interpretation of law should involve licensed attorneys in good standing with their local Bar Association. The forgoing is provided for educational or discussion purposes only. The author accepts no responsibility for its accuracy, review, distribution, or use in any way. You assume responsibility for understanding this material and its applicability and/or use. The above may need to be interpreted by your attorney as needed to conform with federal or state law - your use of this information must always be reviewed and approved by your own attorney prior to use, application, or implementation.



Updated on Monday, February 17, 2003
If you encounter any problems with this site email the webmaster
© 2002 APT, Inc. Designed, Maintained and Hosted by APT, Inc.