|
POLICY:
Columbia University Medical Center will develop and distribute to its patients a
Notice of Privacy Practices that describes how a patient's Protected Health
Information (PHI) may be used and disclosed, the rights and responsibilities of
patients with respect to their PHI, and the responsibilities of Columbia University
Medical Center with respect to PHI it creates, collects, and maintains.
PURPOSE :
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates
development and distribution of a formal document, a Notice of Privacy Practices
(NOPP), to the health care organization's patients. The primary goals of the NOPP
are to describe:
- how the health care organization will use and disclosure a patient's
PHI;
- the patient's rights and responsibilities with respect to his/her PHI;
and
- the covered entity's duties with respect to a patient's PHI.
This Policy describes how the Columbia University Medical Center NOPP will be
distributed and acknowledged, and who to contact in case of questions about the NOPP or
its contents.
PROCEDURES:
- Each patient that visits Columbia University Medical Center will
receive and be asked to acknowledge receipt of the NOPP.
- When a patient comes to Columbia University Medical Center for
services, the health care provider's office will determine whether the patient
has received the most recent version of the NOPP by:
- Checking the patient's file. If the patient received the NOPP
on a previous visit, the patient's file will contain a Patient Acknowledgment
signed by the patient, or
- Checking the IDX system. If the patient received the NOPP on a
previous visit, the patient's file in the IDX system should contain
documentation of receipt and acknowledgment.
- If there is no documentation of a previous receipt and acknowledgment
of the NOPP, the health care provider's office will:
- Provide the patient with the most current version of the NOPP;
- Ask the patient to acknowledge receipt of the NOPP by signing the
Patient Acknowledgment form;
- Make a copy of the signed Patient Acknowledgment form and give the
copy to the patient;
- If the patient refuses to acknowledge receipt of the NOPP, document
the patient's refusal on the Patient Acknowledgment form along with any efforts
that were made to obtain the patient's acknowledgment;
- File the Patient Acknowledgement form in the patient's file;
and
- Record the receipt and acknowledgment in the IDX system.
- If the patient's file contains a signed Patient Acknowledgment form,
or the IDX screen indicates the patient has already received and acknowledged
receipt of the NOPP, another NOPP may, but is not required to be provided to the
patient.
- Requests for a NOPP. . If any individual requests a
copy of the Columbia University Medical Center NOPP, the person receiving the request
should provide him/her with one.
- Documentation. All documentation related to the receipt
and acknowledgment of the NOPP will be maintained for a minimum of six (6) years.
Signed Patient Acknowledgment forms in the patient's file will not be included as part
of a Designated Record Set.
- Questions. Questions from patients about the NOPP or its
contents should be directed to the HIPAA Privacy Officer. Questions about the
distribution and acknowledgment process should be directed to the employee's
supervisor or the HIPAA Privacy Officer.
- Definitions
Designated Record Set (DRS) means the set of clinical
and/or financial information, records, and documents the healthcare provider
would provide to the patient upon a request from the patient to access his/her
PHI at that healthcare provider's office.
Protected Health Information is information about a
patient, including demographic information that may identify a patient, that
relates to the patient's past, present or future physical or mental health or
condition, related health care services or payment for health care services.
RESPONSIBILITY:
Departments, HIPAA Privacy Officer
| ISSUED: |
December 2003 |
| REVIEWED: |
October 2007 |
|
