Physicians must make their privacy policies public

Patients need to be aware of your new office policies.

By Joel Finkelstein, AMNews staff. Feb. 24, 2003.

HIPAA Minute
A series of brief explanations to help physicians prepare for the medical privacy rule, effective April 14, 2003.

Creating office policies to protect patient data is not enough. You have to make them public.

The medical records privacy rules require doctors to hand out notices that tell patients how their health information will be used and explain their rights, such as seeing their own medical records. The notices also must contain a description of office procedures for protecting patient information, what privacy practices are required by law and how patients can get more information.

To be in compliance, physicians' offices will have to post their notices, both in the office and on their Web sites, and distribute them to patients. Doctors are also required to make a good-faith effort to have patients sign off on the notices.

Since physicians will not be able to get every patient to sign an acknowledgement, physicians must document their efforts and explain why the patient did not sign it.

The rule, part of the Health Insurance Portability and Accountability Act, notes that in emergency situations, this requirement is waived until the patient is stabilized. And, in general, the notice requirements should never stand in the way of administering care.

To this end, the rule offers much flexibility to help physicians inform their patients of privacy practices.