Last year, over $25 million worth of HIPAA penalties were paid out. No doubt about it: HIPAA compliance is important.
But the money shouldn’t be what motivates you. When you have a HIPAA compliance violation, clients lose trust in your business. So protecting patient information is also good for public relations.
An important component of HIPAA is the HIPAA form. Want to learn more about how to create a HIPAA form with all the information you need? Read on to learn all that and more!
A HIPAA form must be on file before any protected health information (PHI) of a patient can get shared. That goes for any individuals or organizations for purposes not covered by the HIPAA Privacy Rule. Some examples include using PHI for research, marketing, or fundraising.
A HIPAA form also allows patients to release information to a family member in an emergency. Or elderly individuals may use one so they don’t have to worry about medical affairs.
But health organizations have to work with one another to run with efficiency. So what makes this all possible? For that, we can thank the HIPAA Privacy Rule.
The HIPAA Privacy Rule allows the exchange of PHI between authorized entities. If it’s for payment, treatment, or standard operations, a form isn’t necessary. That prevents HIPAA from hindering your health care.
In essence, only the minimum information necessary to do the job can get disclosed. This is to limit PHI sharing as much as possible to avoid any security breaches. It makes sure health conditions and insurance information remain confidential.
These routine disclosures do not need patient permission. But many businesses will issue Notice of Privacy Practices to inform patients. And others will have clients sign a HIPAA form no matter what, just in case.
The Privacy Rule also allows patients to access their own health care information. And if the patient finds any mistakes in the records, they can formally request a change to their records.
A HIPAA form needs to have certain items to be valid. What are they?
A HIPAA form must include all possible disclosure information. First, that means what information will (or might be) used or disclosed. It also includes who will be sharing it (usually the doctors and nurses taking care of the patient).
Then, the business must disclose to whom they’re giving this information. This will be either a name or an entity, such as a business or institution. Finally, the business needs to explain why this information is being disclosed.
This information is necessary for each disclosure. And if any of this information is not specific or meaningful enough, the form is not valid.
Finally, there should be an end date or event after which the consent form is no longer valid. Usually, this refers to an event such as death, the end of treatment, or the end of a research study. After this point, the form is no longer valid.
Additionally, the patient must sign and date the form. This indicates they have received and read the form. It also can be a reference point to make sure no disclosures occurred before the patient viewed the form.
Finally, information about the patient’s rights to their information must be present. This section should be pretty standard across all HIPAA forms you see.
First, it needs to explain that information can only get disclosed with permission. It also must discuss the organization’s obligation to keep your information safe. Additionally, it needs to state that the patient won’t get treated differently if the form isn’t signed.
Next, the form should advise that the individual can revoke authorization at any time. Any exceptions to this must be established. And the process for revoking authorization need to be thoroughly explained.
Finally, the right to complain to the Department of Human Health Services in the event of a privacy rights violation needs to be disclosed. Information on how to make that complaint should be present as well.
So, how do you fill out a HIPAA form for your business? It’s actually quite standard. But we’ll cover what you need to know here.
First, you’ll need to list the health care provider. This is your doctor or the hospital name. Each person that needs authorization to disclose this must have his or her own form.
Then, you’ll need to list by name the person that can release the information. You’ll also need to list the name of the person or entity that can receive it.
Next, you’ll need to list a time frame where the authorization is valid. This can either be until a certain date or until an event, like death or the end of a study. You’ll also need to specify what type of information can be released.
Finally, the patient or a patient’s representative needs to sign the form and date it. If the patient is a minor, their legal guardian can sign the form.
Want to see an example of a blank HIPAA form? Download a sample form here.
Are your HIPAA release forms out of date? Are they lacking the necessary information to be legally valid? We can help!
HIPAA Security Suite is your key to HIPAA compliance. We provide IT services, risk assessment, and audit responses. We also provide you with the most up-to-date HIPAA documentation so you can always keep your forms in order.
Interesting in learning more? Contact us today to learn how we can help you!