Develop and Implement Required Policies and Procedures
It is necessary to develop and implement written policies and procedures that comply with federal laws governing the privacy of PHI. The policies and procedures should include, but not be limited to, the following:
Notice of Privacy Practices: Providers are required to develop and provide individuals with their Notice of Privacy Practices. The notice should explain how the provider may use and disclose PHI, and the rights that individuals have to their PHI. A policy should be developed which outlines these requirements, including how the notice will be distributed.
A dental practice paid $10,000 to the OCR for failing to have an adequate Notice of Privacy Practices in place.
To embed, copy and paste the code into your website or blog:
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has announced a flurry of enforcement actions in the last quarter of 2020 as part of its Right of Access Initiative.
The Right of Access Initiative began in 2019 with OCR declaring its intention to enforce vigorously the rights of patients to receive copies of their medical records promptly and without being overcharged. Since then, this initiative has remained a top enforcement priority of OCR. There have been thirteen separate enforcement actions, including six in the final quarter of 2020, making good on the warning from OCR Director Roger Severino that “it s time for serious enforcement” in this area.