The Leading Business Education Network for Doctors, Financial Advisors and Health Industry Consultants

NPP “Game Changer” Replaced Use of Consents

[By Richard J. Mata; MD, MS]

In its most visible change, the privacy regulations of HIPAA require covered health entities to provide patients with a Notice of Privacy Practices (NPP).

The NPP replaces the use of consents, which are now optional, although they are recommended.

The NPP outlines how PHI is to be regulated, which gives the patient far-reaching authority and ownership of their PHI, and must describe, in general terms, how organizations will protect health information.

THE NPP Specifics

The NPP specifies the patient’s right to the following:

• gain access to and, if desired, obtain a copy of his or her own health records;
• request corrections of errors that the patient finds (or include the patient’s statement of disagreement if the institution believes the information is correct);
• receive an accounting of how their information has been used (including a list of the persons and institutions to whom/which it has been disclosed);
• request limits on access to, and additional protections for, particularly sensitive information;
• request confidential communications (by alternative means or at alternative locations) of particularly sensitive information;
• complain to the facility’s Privacy Officer if there are problems; and
• pursue the complaint with DHHS’s Office of Civil Rights if the problems are not satisfactorily resolved.

A copy of the NPP must be provided the first time a patient sees a direct treatment medical provider, and any time thereafter when requested or when the NPP is changed. On that first visit, treatment providers must also make a good faith effort to obtain a written acknowledgement, confirming that a copy of the NPP was obtained. Health plans and insurers must also provide periodic Notices to their customers, but do not need to secure any acknowledgement. Most Health Information Management departments that oversee the clinical coding of medical records also manage the NPP documentations and deadlines, but this may vary from hospital to hospital, or office to office.

Assessment

HIPAA requires no other documentation from the patient in order for information to be used or disclosed for basic functions, like treatment and payment, or for a broad range of other core healthcare operations. State laws may nonetheless require some kind of consent/authorization form from the patient for these purposes [It is common for institutions to claim, incorrectly, that HIPAA does].

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

• PRACTICES: www.BusinessofMedicalPractice.com
• HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
• CLINICS: http://www.crcpress.com/product/isbn/9781439879900
• ADVISORS: www.CertifiedMedicalPlanner.org
• FINANCE: Financial Planning for Physicians and Advisors
• INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors
• Dictionary of Health Economics and Finance
• Dictionary of Health Information Technology and Security
• Dictionary of Health Insurance and Managed Care

Filed under: Health Law & Policy, Information Technology | Tagged: david marcinko, DHH, EHRs, EMRs, HIPAA, medical records, notice of privacy practices, NPP, PHI, protected health information, Richard Mata, www.healthcarefinancials.com | 1 Comment »