Preface
How to Use This Book
Section I
A
Perspective on Privacy
Section II
An Explanation of the
Privacy Rule
Highlights of the Privacy Rule
New Rights for Patients
New Responsibilities for Covered Entities
Enforcement
Definition of
a Covered Entity
Definition of a Business Associate
Privacy Rule Fact
Sheet
Section III
Sample Policies and Procedures
Tips on Preparing an Effective Privacy Policy Manual
Define Your Purpose
Define Your Audience
Get Organized to Write
Get Input from Others
Consider a Privacy Policy Committee
Develop an Outline
Use the Policy Writing Checklists
Observe Basic Writing Guidelines
Plug and Play
Prepare a Draft for Review
Consider Professional Review
Organize Your Policy Manual
Pitfalls to Avoid
Twelve Tips for Better Readability
Privacy
Policy Implementation Guide
Policy Writing Checklist
Sample Policies
Introduction Statement
Guidelines to Limit Disclosure to Minimum Necessary
Guidelines to Limit Disclosure by Business Associates
Notice of Privacy Practices
Protecting Privacy in Payment Procedures
Patient Authorization for Non-medical Disclosures
Use or Disclosure of Information for Research
Government Access to Protected Health Information
Use or Disclosure of Protected Health Information for Marketing
Patient Access to Own Medical Record
Granting or Denying Access to Protected Health Information
Amending Protected Health Information
Providing an Accounting of Protected Health Information
Administrative Responsibilities
Safeguards to Protect Confidentiality of Protected Health Information
Guidelines for Effect of Prior Consent
Disclosures for Facility Directories and Notification Purposes
De-identification of Protected Health Information
Request for Confidential Communications
Request for Privacy Protection or Disclosure Restrictions
Complaint Procedure
Training Procedure
Disciplinary Procedure
Patient Consent
Author's Note
Section IV
Sample Forms
Job Description for a
Privacy Officer
Job Description for a Privacy Clerk
Job Description for
a Physician
Job Description for a Medical Receptionist
Job Description
for a Medical Records Clerk
Job Description for a Medical Practice Manager
Privacy Notice
Privacy Notice Acknowledgment
Privacy Consent Form
Privacy Authorization Form
Form Outlining Terms for Business Associate
Privacy Complaint Form
Response to a Privacy Complaint
Form
Requesting Right to Access
Response to Right to Access Request
Right to
Amend Request
Response to Right to Amend Request
Acknowledgment to
Right to Amend Request
Notification of Amendment to Covered Entities and
Business Associates
Right to Accounting of Disclosures
Response to
Request for Accounting of Disclosures
Request for Confidential
Communication of Protected Health Information by Alternative Means
Amendment to Health Plan Document
Record of Privacy Practices
Request for Restrictions
Response to Request for Restrictions
Sample Business Associate Contract Provisions
Memorandum to Employees
Regarding Privacy Policies and Training
Section V
Checklists
Is Your Organization a Covered Entity, Subject to
the Privacy Rule?
Requirements for Group Health Plans
Requirements for
Business Associates
Notice of Privacy Practices
Consent
Authorization
Privacy Protection Safeguards
Medical Records
Disclosure
De-identification of Protected Health Information
Re-identification of Protected Health Information
Marketing Activities
Permissible without Authorization
Fundraising Activities Permissible
without Authorization
General Rules for Uses and Disclosures
Uses and
Disclosures for Facility Directories
Uses and Disclosures for Notification
Purposes
Uses and Disclosures Required by Law
Uses and Disclosures for
Public Health Activities
Uses and Disclosures about Abuse, Neglect, or
Domestic Violence
Uses and Disclosures for Health Oversight Activities
Uses and Disclosures for Administrative or Judicial Proceedings
Uses
and Disclosures for Law Enforcement Purposes
Uses and Disclosures about
Decedents and Organ Donations
Uses and Disclosures for Research Purposes
Documentation of Waiver Approval for Research Purposes
Uses and
Disclosures to Avert Health and Safety Threat
Uses and Disclosures for
Specialized Government Functions
Section VI
Training
Introduction to Training Requirements
Training Leader's Guide
Sample Training Outlines
Test Your Knowledge and Answer Key
Training Visuals
Announcement Memo
Sample Training Acknowledgement
Section VII
Section by Section Summary of the Medical Privacy
Rule