Need compliance advice? Here are a few tips
By Jack A. Rovner
The proposed administrative simplification rules tell providers and plans what they must do but not how they must do it. Implementation and compliance will require each provider or health plan, at minimum, to meet these requirements:
• Have written patient data privacy and electronic data security policies and procedures.
• Provide written notice to patients, enrollees, and others that explains, among other things, its patient data practices, the individuals’ rights, and the procedures they can use to inspect, copy, correct, and amend their data and to obtain an accounting of each disclosure not related to treatment, payment, or health operations.
• Use written contractual provisions with all business partners who receive covered patient data that require them to comply with its policies and procedures.
• Adopt administrative procedures for data access control, internal audits, chains of custody, and contingency and disaster recovery plans; physical safeguards for electronic hardware, software, portable media and access to them; and technical processes to protect, monitor, and control data access and prevent unauthorized access to or interception of transmitted data.
• Train, and periodically refresh and recertify, employees, volunteers, trainees, and other work force members under its direct control who may encounter covered patient data, on its policies and procedures. Sanction work force members who violate its policies and procedures and have procedures to mitigate any deleterious effect of such violations.
• Use the standard data elements and code sets in all covered transactions.
• Follow all applicable state statutory, regulatory, administrative, and judicial law regarding patient data privacy that (a) provides greater protections or rights for individuals and is not contrary to federal requirements or that (b) relates to public health reporting or health insurance regulation.
• Designate a "privacy official" responsible for the development and implementation of data privacy policies and procedures and a "contact person or office" responsible for providing information and receiving complaints about its patient data privacy practices.