Tips: Keep Your Website HIPAA Compliant
It's been a number of years now since HIPAA made its first big entrance onto the healthcare scene. But that doesn't mean your practice can relax its compliance! If your practice has a web site, here are a few HIPAA tips and reminders that you should carefully review.

A practice is considered a 'covered entity' (e.g. a health care provider who transmits any health information in electronic form). Every covered entity needs to have both a HIPAA Privacy Policy and a HIPAA Privacy Officer in place.

As per the HIPAA website "… a covered entity is required to develop and implement policies and procedures appropriate to the entity's business practices and workforce that reasonably minimize the amount of protected health information used, disclosed, and requested;" - HIPAA Privacy Rule 45 CFR Part 160

Fortunately, these policies do not have to be created from scratch, and many suitable templates exist. Your website has to carry a copy of your policy for visitors to be able to access.

As part of our service at EyeCarePro.net, we provide all clients with a suitable HIPAA policy. Once you log in to your account you can access your sample policy by selecting the HIPAA site section located in the Edit Site tab. You may select either the AOA Policy, the generic HIPAA Form, or select to use a custom form (which you must copy and paste into the appropriate field).

If your practice opts for a custom HIPAA policy, you must ensure that the policy is adequately complete. If it is not adequate, the policy threatens to compromise the practice's HIPAA compliance. You may want to have a HIPAA specialist review your custom policy if you choose to go that route.

You must also indicate the effective start date of the policy. This can be done by filling a date into the Effective Notice field on the same screen.

Every covered entity must also have a Privacy Officer. The Privacy Officer is responsible for implementing and overseeing the practice's privacy policies and procedures.
The Privacy Officer oversees all activities related to the development, implementation, maintenance of and adherence to the practice’s policies and procedures addressing privacy and access to protected health information. The Privacy Officer assures compliance with HIPAA and all other federal and state rules and regulations pertaining to use and release of protected health information.

Usually, the office manager takes this role. Keep in mind, though, that as the practice owner, you are the one on the hook for non-compliance. Make sure your Privacy Officer understands the entire scope of your HIPAA obligations.

The Privacy Officer's name and contact details are also required. EyeCarePro.net will automatically provide the practice's contact details on the HIPAA page of your site. You simply need to fill in the Privacy Policy Officer's name in the Contact Officer field.

For more information about the full requirements of HIPAA, please visit the HIPAA home page.

Daniel is the Managing Director of EyeCarePro.net (http://www.eyecarepro.net), a preferred Provider of the American Optometric Association for building web sites for optometrists. Daniel also specializes in SEO for optometrists and is the Editor of Optometry Web, a newsletter singularly focused on helping optometry practices make the most of their web sites.





