HIPAA Refresher: Is your practice on top of NPPs?

By Ranadene K. Tapio, MBA, CMRS, CMC, Guest Contributor bio

I know, HIPAA is old news. And ALL of your offices are presenting your patients with a HIPAA Notice of Privacy Practices (NPP) already. Right?

Are you sure? Do you have systems in place to ensure this is being done? Do you work the front desk, so you know it’s getting done? Are you in the back office, and in charge of auditing patient files to make sure the NPP is on file?

For those of you who aren’t so sure, there’s no time like the present to get on top of this!

Each healthcare/medical provider office should have the NPP displayed in the office where it is clearly visible to their patients. The office should also be offering each new patient their own copy of the NPP. The patient should be signing a NPP Acknowledgement form, which is filed into the patient’s chart.

Does your office have a website? Recommend that they post their NPP on there as well.

If your office has never gone through and presented the NPP to ALL current patients, it’s time to get on track. We all know that it’s way past the deadline! Most healthcare/medical offices are covered entities; very few are exempt. Your office is out of compliance if this has not been done.

You can help your office get back on track by walking them through the process:

Do they even have an NPP? If not, help them write one.
Have procedures in the office changed or updated so that the NPP also needs to be updated? Help with that.
Any time there are significant changes to the NPP, ALL current and new patients need to be presented with the new NPP.

Remember, the NPP is usually lengthy due to the complexity required by the regulation itself. A written summary would not be acceptable because it would require the omission of language that protects a practice.

Under HIPAA, an individual has the following rights with regard to his/her PHI:

The right to consent to or authorize the use and disclosure of PHI.
The right to receive a copy of the practice’s Notice of Privacy Practices.
The right to request restrictions on certain uses and disclosures of PHI.
The right to request restrictions on how the practice communicates PHI to the patient.
The right to inspect and copy PHI.
The right to request an amendment of PHI.
The right to an accounting of the disclosures of PHI made by the covered entity for purposes other than TPO.
The right to complain about alleged violations to the practice and DHHS.

By helping your office with these tasks, they’re sure to see you as the professional you are!

Ranadene (Randi) Tapio is the president of MedCycle Solutions, which provides Revenue Cycle Management, Credentialing, Outsourced Coding, and Consulting Services to a number of healthcare providers in a variety of specialties. She holds an MBA in Healthcare Administration & Management and multiple professional certifications. You can reach Randi by email at Randi@MedCycleSolutions.com or call 320-290-6448.

Editor’s picks:

HIPAA Refresher: Is your practice on top of NPPs?

HIPAA data breaches in 2017: Another record breaking year!

Want to improve collections? Start by looking at your Patient Registration System

Compliance checklist

training on demand

connect with us

recent articles

Be smart about scheduling to retain hourly employees

Workplace political discussions: Strategies for handling what’s coming

How to handle a scamming, scheming staffer

How to make your best impression at a business lunch

‘I’m a threat to my boss because I’m smarter’

The power of emotional intelligence: A guide for medical office managers

Non-compete agreements and deceiving your employer

Navigating career growth: 6 advancement opportunities for medical office managers

tools you can use

Model Policy: Office Temperature

Model Policy: Substance Abuse and Fitness for Duty

Model Policy: Medications error reporting

Model Policy: Progressive Discipline and Employee Termination

Model Policy: Patient Billings Collection and Financial Policy