HIPAA Documents - For compliance with the HIPAA Privacy RuleApril 10, 2003The HIPAA privacy regulations require preparation of several legal documents to be used in the physician's medical practice. The following forms do not constitute legal advice. The forms should be used for educational purposes only and are intended to provide general guidance on style and format. You should consult your own legal counsel in order to assist you in drafting your own forms to ensure that the forms are compliant with all relevant federal and state laws.
SAMPLE: Authorization Form (.doc, 3 pages)
Generally, authorization from the patient is required for all disclosures of protected health information that are not otherwise permitted or required by HIPAA. Examples are disclosure of PHI to: Life/Disability Insurers, Schools, Camps, Employers, Research purposes.
SAMPLE: Accounting of Disclosures (.doc, 1 page)
Covered Entities must have a process to account for disclosures of PHI for purposes other than treatment, payment, health care operations, to individuals or their representatives, and pursuant to an authorization. The accounting must be provided to a patient within 60 days from the date of their request. Examples of situations to be accounted for: Mandated State reporting of communicable diseases, Adverse Reaction report to FDA, disclosures to DSS.
Physicians must provide their patients with a notice of their privacy practices in order to be in compliance with the rule.
The following information from AHIMA may be helpful:
Notice of Privacy Practices (AHIMA Practice Brief)
Sample Notice of Health Information Practices
| privacy rule,hipaa,authorization,disclosure,deadlines,timeline |
|
