| 14. |
Develop an employee sanctions policy: The HIPAA policies distributed by the JCAAI and accessible here contain a series of recommended sanctions for violation of HIPAA Privacy rules by your employees. You should adopt these or amend them as appropriate. You must be certain that sanctions are applied to all violations without regard to the position of the violator. |
| 15. |
Patient Complaints: You must have a policy that determines how your practice will deal with complaints. You must designate a person to receive complaints that would usually be your Privacy Officer. All complaints must be taken seriously and immediately dealt with in a respectful way. Remember, patients have a right to complain to the Secretary to Health and Human Services (HHS) and you have an obligation to tell them that and offer to give them the address if they want it. It is much simpler to deal with all complaints within your office setting. Most HIPAA violation investigations are likely to come from formal complaints filed with the Secretary of Health and Human Services. Since violations have a potential for severe penalties (a fine and possible jail sentence). You want to deal with them internally if at all possible. The Privacy Officer should be put in touch with a patient stating a complaint immediately. Then the Privacy Officer should meet with the involved employee and/or the treating physician and a determination should be made as to how the allegations and/or violations will be dealt with.
NEXT>> |
