| This page contains 12 performance support tools that you
may view online, or print and keep available for future reference. Each
link will open a separate page, which will remain open. The College has
created these resources based on the HIPAA regulations and legal interpretation
available from our legal counsel. If you have specific questions about
the regulations and how they apply to you, we recommend you contact your
own legal counsel for guidance.
Please provide feedback about these
documents and other topics regarding HIPAA you would like to see addressed.
Administrative
Requirements (PDF, 77 K)
Use this checklist to ensure you/your practice is in compliance with all administrative requirements of the HIPAA Privacy Rule.
Patients'
Access to PHI (PDF, 105 K)
With a few exceptions, patients generally should be able to see and obtain
copies of their protected health information (e.g., medical record). Use
the following decision tree to help determine whether you may release
PHI to patients in accordance with the HIPAA Privacy Rule.
Notice
of Privacy Practice (PDF, 429 K)
Covered health plans, doctors, and other health care providers must provide
a notice to their patients regarding how they may use personal medical
information and patients' rights under the HIPAA Privacy Rule. Use the
following decision tree to help determine whether you comply with the
HIPAA Privacy Rule regarding your Notice of Privacy Practice.
Do
You Have Business Associates? (PDF, 118 K)
By law, the HIPAA Privacy Rule applies only to covered entities; however,
health care providers and health plans often use the services of a variety
of other persons or businesses (business associates) to carry out their
health care activities and functions. Use the following decision tree
to help determine whether other entities are your Business Associates
under the HIPAA Privacy Rule.
Are
You A Business Associate? (PDF, 115 K)
By law, the HIPAA Privacy Rule applies only to covered entities; however,
health care providers and health plans often use the services of a variety
of other persons or businesses (business associates), including other
covered entities, to carry out their health care activities and functions.
Use the following decision tree to help determine whether you are a Business
Associate of another Covered Entity under the HIPAA Privacy Rule.
Requests
to Amend PHI (PDF, 128 K)
Under the HIPAA Privacy Rule, an individual has the right to have a covered
entity amend protected health information about the individual in a designated
record set for as long as the protected health information is maintained
in the designated record set. Use the following decision tree to help
determine how to respond to a patient's request to amend his/her PHI in
accordance with the HIPAA Privacy Rule.
Research
Requests (PDF, 114 K)
In the course of conducting research, researchers may obtain, create,
use, and/or disclose individually identifiable health information. Under
the Privacy Rule, covered entities are permitted to use and disclose protected
health information for research with individual authorization, or without
individual authorization under limited circumstances set forth in the
Privacy Rule. Use the following decision tree to help determine whether
you may release information for the purposes of research in accordance
with the HIPAA Privacy Rule.
Tissue
Sharing Requests (PDF, 111 K)
In the course of conducting research including the use of tissue samples,
researchers may obtain, create, use, and/or disclose individually identifiable
health information. Under the Privacy Rule, covered entities are permitted
to use and disclose protected health information for research with individual
authorization, or without individual authorization under limited circumstances
set forth in the Privacy Rule. Use the following decision tree to help
determine whether you may release tissue samples in accordance with the
HIPAA Privacy Rule.
Access
to Deceased Patients' PHI (PDF, 157 K)
The HIPAA Privacy Rule allows for the use and disclosure of a deceased
patient's protected health information under certain circumstances, particularly
as it relates to performing the duties of a coroner or medical examiner
as authorized by law. Use the following decision tree to help determine
how you may use and disclose PHI regarding deceased individuals in accordance
with the HIPAA Privacy Rule.
Minimum
Necessary Requirements Checklist (PDF, 88 K)
Use this checklist to ensure you/your practice has complied with the requirement
that all covered entities evaluate their practices and enhance safeguards
as needed to limit unnecessary or inappropriate access to and disclosure
of PHI.
HIPAA and the
CAP Laboratory Accreditation Program
If you participate in the CAP Laboratory Accreditation Program, under
the regulations the College is considered a business associate of yours.
The College has drafted a model agreement you can use, and can be used
as a model for other business associate agreements you need to enter into.
HIPAA-Related
Definitions (PDF, 105 K)
This document defines many of the terms commonly used in the HIPAA regulations.
The information contained in these resources
is intended solely for education and communication purposes and is not
intended to constitute medical advice. The CAP expressly disclaims any
and all liability for any information included in these resources.
|
Performance Support Tools
