HIPAA Compliance Kit...     With Ready-to-use Forms

HIPAA COMPLIANCE KIT 5th Edition-2013
Table Of Contents ~ List of Forms

Introduction to the Kit
Disclaimer, Copyrights, and Liability Statements
Introduction to 5th Edition
List of abbreviations

Section I: How to Use This Kit
1. What is the goal of the Kit?
2. How is the Kit organized & what terminology does it use?
3. How can I best use this Kit?
4. What is this Kit not?

Section II: HIPAA - The Basics
5. Generally, what is HIPAA?
6. What is a Covered Entity (CE) and am I one?
7. Do I need to comply even if I do not own a computer?
8. What does "scalable compliance" mean for me?
9. What is and who is the Privacy Officer in a solo, private practice? 10. How easy is it to become compliant?
11. What are the basic requirements for compliance?
12. What happens if I did not meet any or some of the original deadlines?
13. What are the Privacy, Security, and Transaction Rules?
14. What are the HIPAA general deadlines?
15. What can trigger the Privacy Rule or HIPAA compliance audit?
16. What will happen if I do not comply with HIPAA?
17. What does HIPAA not do?
18. What do we not yet know about HIPAA?

Section III: The Privacy Rule: Records & Access
19. What is the HIPAA Privacy Rule?
20. How is therapist-patient privacy protected?
21. What is PHI?
22. What about keeping two sets of records?
23. What are Psychotherapy Notes?
24. What do the Psychotherapy Notes include?
25. What is excluded from the Psychotherapy Notes?
26. Can I see an example of the two types of notations?
27. Do individuals have a right to review their Psychotherapy Notes?
28. Do managed-care companies have the right to review the Psychotherapy Notes?
29. Does Medicare have the right to review the Psychotherapy Notes?
30. What about sharing Psychotherapy Notes with other treating clinicians?
31. Can a client authorize disclosure of the Psychotherapy Notes?
32. Can Psychotherapy Notes be disclosed without the patient's authorization?
33. What is the Supreme Court 1996 Jaffee v. Redmond decision all about?
34. What about re-disclosure of Psychotherapy Notes?

Section IV: The Privacy Rule: Consents, Notice, & Releases
35. What do I need to know about consents and authorizations?
36. What is TPO?
37. What about the consent for TPO?
38. Can a patient revoke his/her consent for TPO?
39. If a patient revokes his consent for TPO, can the therapist still be paid?
40. What about the federal amendment to consent for TPO?
41. What are the issues around authorizations?
42. Which basic forms must I have?
43. What is compound authorization?
44. When is neither consent nor authorization required?
45. What about HIPAA's Notice of Privacy Practices?
46. Should I post the Notice on my website or send it electronically?
47. What about patients' rights to request privacy?
48. If I have an Informed Consent, do I also need a HIPAA consent?
49. What is the difference between "use" and "disclosure"?
50. How do I deal with the judicial system and administrative proceedings?
51. How do I deal with law enforcement agencies?
52. What about disclosure where there is a threat or danger?
53. What rights do patients have to access their records?
54. When do patients NOT have the right to access their records?
55. What is the time frame for a patient's request to review his/her records?
56. Must patients pay for copies they request?
57. What rights do patients have to amend their records?
58. What about minors' records?
59. What about business associates?
60. What about consultation?
61. Can a therapist disclose records created by other providers?
62. What about disclosures for research purposes?
63. What are the considerations surrounding substance abuse disclosures?
64. What are the considerations for an account of disclosures?
65. What is the "need to know" requirement?
66. What is the "minimum necessary" requirement?
67. Can therapists disclose to their professional liability insurance?
68. Does the Privacy Rule create a government database of individuals?
69. Can therapists call out the names of patients in their waiting rooms?
70. What about disclosure to collection agencies?
71. Can clearinghouses and health plans use PHI?
72. Can one have joint consents?
73. Can one have combined consents?
74. What are re-disclosures?
75. What is a Disclosure Record?
76. What does de-identifying mean?
77. What are limited data sets?
78. What does HIPAA say about marketing?

Section V: The Security Rule
79. What is HIPAA's Security Rule?
80. What are the differences between the Privacy and Security Rules?
81. What is the good news about the Security Rule?
82. What are the four elements of the Security Rule?
83. What are the Administrative Procedures of the Security Rule?
84. How shall I physically arrange my office so it is HIPAA compliant?
85. How about protection from disasters?
86. What do I need to consider regarding phones?
87. What do I need to consider regarding fax machines?
88. What do I need to consider regarding copiers (copy machines) and printers?
89. What do I need to consider regarding email security and encryption?
90. What do I need to consider regarding text security and encryption?
91. What is included in the risk analysis and assessment?
92. What is included in risk management?
93. What do I need to consider regarding communication with clients via social networking sites?
94. What about general computer security and protection?
95. What about email signature?
96. What about HIPAA encryption requirements?
97. What about security issues with Skype and other video-conferencing Technologies?
98. What about the conduit exception?
99. What about breach risk assessment and breach notification analysis?

Section VI: The Transaction Rule
100. What is the Transaction Rule?
101. What about uniformity of electronic claims?
102. Which ICD, DSM, or CPT codes are required under HIPAA?
103. Does HIPAA mandate therapists to use electronic claims?
104. What are my choices in regard to billing?
105. What are my options in regard to electronic insurance claims?
106. What is the role of a clearinghouse?
107. What are the identification standards and what is NPI?
108. What about Code Sets?
109. Does Medicare mandate electronic billing?
110. What are some of the Transaction Rule’s basic terms and acronyms?

Section VII: Additional Requirements & Considerations
111. What are the general administrative requirements?
112. What about staff training?
113. What about procedures in my office?
114. What are some of the steps towards HIPAA compliance?
115. What about Electronic Health Records (HER)?
116. What is the Omnibus rule of 2013?

Section VIII: HIPAA, Ethics, Preemption Analysis and State Law
117. What is the preemption analysis?
118. Under what conditions does HIPAA preempt state law?
119. What happens when state law conflicts with HIPAA?
120. What happens when state law and HIPAA are not comparable?
121. What are the relationships between HIPAA & the Codes of Ethics?

Section IX: HIPAA, Ethics Codes and California Law
122. What are the relationships between HIPAA and California law?
123. Can you provide me with examples of HIPAA regulations that preempt California laws?
124. What are some of the instances where California laws preempt HIPAA?
125. Where can I find online resources for implementing HIPAA in California?

Section X: Ready-to-Adapt Forms
Form I: HIPAA Compliance Checklist
Form II: HIPAA Notice of Privacy Practices
Form III: Authorization to Release Information
Form IV: Request for Amendment of Health Information
Form V: Standard Office Policies & Informed Consent
Form VI: Tracking of Releases
Form VII: Account of Disclosures
Form VIII: Denial of Access to PHI
Form IX: Denial of Request for Amendment
Form X: Complaint Form
Form XI: Acknowledgment of Receipt of Notice
Form XII: Risk Assessment
Form XIII: Breach Assessment
Form XIV: Authorization/Consent to use unencrypted e-mail and text
Form XV: Patient's Right for Confidential Communications
Form XVI: Patient Request for Restriction on Use and Disclosure of PHI