The first-ever federal privacy standards to protect patients' medical records and other information provided to
health plans, doctors, hospitals and other health care providers took effect on April 14, 2003. Developed by the
Department of Health and Human Services (HHS), these new standards provide patients with access to their
medical records and more control over how their personal health information is used and disclosed. They
represent a uniform, federal floor of privacy protection for consumers across the country. State laws providing
additional protections to consumers are not affected by this new rule.
The TMC HIPAA Program combines all the elements of a comprehensive compliance program dealing with the
Access to Medical Records. Patients generally should be able to see and obtain copies of their medical records
and request corrections if they identify errors and mistakes. Health plans, doctors, hospitals, clinics, nursing
homes and other covered entities generally should provide access to these records within 30 days and may
charge patients for the cost of copying and sending the records.
Notice of Privacy Practices. Covered health plans, doctors and other health care providers must provide a
notice to their patients regarding how they may use personal medical information and their rights under the new
privacy regulation. Doctors, hospitals and other direct-care providers generally will provide the notice on the
patient's first visit. Patients generally will be asked to sign, initial or otherwise acknowledge that they received this
notice. Patients may also ask covered entities to restrict the use or disclosure of their information beyond the
practices included in the notice, but the covered entities would not have to agree to the changes.
Limits on Use of Personal Medical Information. The privacy rule sets limits on how health plans and covered
providers may use individually identifiable health information. To promote the best quality care for patients, the
rule does not restrict the ability of doctors, nurses and other providers to share information needed to treat their
patients. Personal health information generally may not be used for purposes not related to health care, and
covered entities may use or share only the minimum amount of protected information needed for a particular
purpose. In addition, patients would have to sign a specific authorization before a covered entity could release
their medical information to a life insurer, a bank, a marketing firm or another outside business for purposes not
related to their health care.
Prohibition of Marketing. The final privacy rule sets new restrictions and limits on the use of patient information
for marketing purposes. Pharmacies, health plans and other covered entities must first obtain an individual's
specific authorization before disclosing their patient information for marketing. At the same time, the rule permits
doctors and other covered entities to communicate freely with patients about treatment options and other
health-related information, including disease-management programs.
Confidential communications. Under the privacy rule, patients can request that their doctors, health plans and
other covered entities take reasonable steps to ensure that their communications with the patient are confidential.
For example, a patient could ask a doctor to call his or her office rather than home, and the doctor's office should
comply with that request if it can be reasonably accommodated.
TMC will provide your facility with all the requirements of the program to assure compliance with this complex
legislation. We will provide:
A complete HIPAA Manual
Required HIPAA Posters
All required HIPAA Forms
In 1996 OCR added HITECH HIPAA to the basic HIPAA program. The new regulations deal with the Security, Privacy and Meaningful Use of patients' PHI. As part of the meaningful use provisions, all providers who are utilizing EMR or have taken money from the Government to convert to Electronic Medical Records must implement a Security Risk Assessment as part of their HIPAA compliance program. TMC is uniquely positioned to provide this service in an efficient, cost-effective manner. The SRA program will include:
A complete Initial Assessment
A Security Risk Analysis Report
A Policy and Procedure Manual
A Technical Vulnerability Scan
Call TMC today to discuss how we can help your facility reach HIPAA compliance in a convenient, cost-effective
manner. Total Medical Consultants is the simple answer to a complex problem.