top of page

The first-ever federal privacy standards to protect patients medical records and other information provided to

health plans, doctors, hospitals and other health care providers took effect on April, 14 2003. Developed by the

Department of Health and Human Services (HHS), these new standards provide patients with access to their

medical records and more control over how their personal health information is used and disclosed. They

represent a uniform, federal floor of privacy protection for consumers across the country. State laws providing

additional protections to consumers are not affected by this new rule.

The TMC HIPAA Program combines all the elements of a comprehensive compliance program dealing with the

following provisions:

Access to Medical Records. Patients generally should be able to see and obtain copies of their medical records

and request corrections if they identify errors and mistakes. Health plans, doctors, hospitals, clinics, nursing

homes and other covered entities generally should provide access to these records within 30 days and may

charge patients for the cost of copying and sending the records.

Notice of Privacy Practices. Covered health plans, doctors and other health care providers must provide a

notice to their patients regarding how they may use personal medical information and their rights under the new

privacy regulation. Doctors, hospitals and other direct-care providers generally will provide the notice on the

patients first visit. Patients generally will be asked to sign, initial or otherwise acknowledge that they received this

notice. Patients may also ask covered entities to restrict the use or disclosure of their information beyond the

practices included in the notice, but the covered entities would not have to agree to the changes.

Limits on Use of Personal Medical Information. The privacy rule sets limits on how health plans and covered

providers may use individually identifiable health information. To promote the best quality care for patients, the

rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their

patients. Personal health information generally may not be used for purposes not related to health care, and

covered entities may use or share only the minimum amount of protected information needed for a particular

purpose. In addition, patients would have to sign a specific authorization before a covered entity could release

their medical information to a life insurer, a bank, a marketing firm or another outside business for purposes not

related to their health care.

Prohibition of Marketing. The final privacy rule sets new restrictions and limits on the use of patient information

for marketing purposes. Pharmacies, health plans and other covered entities must first obtain an individuals

specific authorization before disclosing their patient information for marketing. At the same time, the rule permits

doctors and other covered entities to communicate freely with patients about treatment options and other health

related information, including disease-management programs.

Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and

other covered entities take reasonable steps to ensure that their communications with the patient are confidential.

For example, a patient could ask a doctor to call his or her office rather than home, and the doctors office should

comply with that request if it can be reasonably accommodated.

TMC will provide your facility with all the requirements of the program to assure compliance with this complex

legislation. We will provide:

  • A complete HIPAA Manual

  • Staff Training

  • Required HIPAA Posters

  • All required HIPAA Forms

  • Ongoing Support

In 1996 OCR added HITECH HIPAA to the basic HIPAA program. The new regulations deal with the Security, Privacy and Meaningful Use of patient's PHI. As part of the meaningful use provisions, all providers who are utilizing EMR or have taken money from the Government to convert to Electronic Medical Records must implement a Security Risk Assessment as part of their HIPAA compliance program. TMC is uniquely positioned to provide this service in an efficient, cost-effective manner. The SRA program will include:

  • A complete Initial Assessment

  • A Security Risk Analysis Report

  • A Policy and Procedure Manual

  • A Technical Vulnerability Scan

  • Staff Training

Call TMC today, to discuss how we can help your facility reach HIPAA compliance in a convenient, cost-effective

manner. Total Medical Consultants is the simple answer to a complex problem.


bottom of page