There are a number of things that assisted living facilities need to do in order to comply with the Health Insurance Portability and Accountability Act (HIPAA).
Written Policy of Protected Health Information
First and foremost, they need to have a written policy in place that sets forth how protected health information (PHI) will be handled. This policy must be made available to all staff members, and must be followed at all times.
This policy should be reviewed and updated on a regular basis, and all staff members should be trained on it.
Assisted living facilities must also designate a privacy officer who is responsible for ensuring that the facility is in compliance with HIPAA. This individual will be responsible for training staff members on HIPAA regulations and handling any complaints that may arise.
Secure Protected Health Information
The second thing that assisted living facilities need to do to comply with HIPAA is to ensure that all PHI is properly secured. This means implementing physical, administrative, and technical safeguards to protect the information from unauthorized access, use, or disclosure.
For example, PHI should be stored in a locked cabinet or room when not in use, and access to it should be restricted to authorized individuals only.
Assisted living facilities need to develop procedures for handling protected health information. These procedures should include how information will be collected, used, and disclosed. They should also outline how information will be safeguarded and how staff members can access it.
Procedures for HIPPA breaches
Third, assisted living facilities need to have procedures in place for dealing with HIPAA breaches. If a breach does occur, they must notify the affected individuals as well as the Department of Health and Human Services within 60 days.
They should also have a plan for preventing future breaches from occurring.
Protected Health Information Disclosures
Fourth and final thing that assisted living facilities need to do to comply with HIPAA is to keep track of all disclosures of PHI.
Assisted living facilities need to create a system for tracking protected health information. This system should include who has access to the information and when it was accessed.
They must maintain a record of when and why the information was disclosed, as well as who received it. This record keeping requirement helps to ensure that PHI is only disclosed when necessary and that all disclosures are properly documented.
Finally, assisted living facilities need to provide patients with a notice of their privacy rights. This notice should explain how the facility will use and disclose protected health information. Patients should be given the opportunity to opt out of having their information shared.
Assisted living facilities that fail to comply with HIPAA can be subject to civil and criminal penalties. However, by taking the steps outlined above, they can help to ensure that their PHI is properly protected and that they are in compliance with the law.