The Tao of HIPAA: Authorization Forms

The Tao of HIPAA
Authorization &
HIPAA Notification Forms

"Master, are there any requirements for us to follow in our business practices when we release or use the protected health information?" asked the novice.

"Yes," replied to Master, "You must obtain authorization signatures and document what you have used this information for and to whom it was given."

"The only exception is when you use the information for normal business practices involving Treatment, Payment or regular Operations. No signature is required from your employees to give this information to an insurance company or Broker in making application for medical coverage."

"Any other request or use of the information requires a signed Authorization. And this Authorization must be limited in its scope and duration. It is important that you verify that each use is authorized by a current, up to date Authorization. For it is written that to do otherwise is a violation of HIPAA."

"Must we tell the people we serve of these requirements?" asked the novice.

"Yes, it is written that you must provide a Notice of Privacy Practices to your employees," said the HIPAA Master. "In this notice you must detail what your practices and procedures are. It must be made available on request, or distributed."

"But how can we confirm that the people we serve have received a copy of this Notice?" asked the novice.

The HIPAA Master nodded encouragingly.

"As you are thinking, it is important you can document that your employees DID get the notice," stressed the HIPAA Master. "Even though the laws of HIPAA do not require a signature it is good for you to have one on file. The HIPAA Masters at HIPAAps.com provide a Acknowledgement of Receipt of this Notice as documentation. Remember, even the Masters have Masters. What I know of HIPAA was learned from these HIPAA Masters."

"So if we implement the Authorization, the Notice of Privacy Practices with the Acknowledgement Receipt of the Notice, are we on the path of HIPAA enlightenment? asked the novice.

"You will merely have taken the first step," said the Master. "Grasshopper, this is only the beginning. You must change other procedures and practices to be truly HIPAA compliant. And you must train the people of your office and show them the light of HIPAA, or it is as though you have done nothing."

next page