COPIC offers the following forms and checklists for your use in complying with the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) . The standards for Privacy of Individually Identifiable Health Information (the Privacy Rule) took effect on April 14, 2001. The Health Information Technology for Economic and Clinical Health Act (HITECH) which was enacted as part of the American Recovery and Reinvestment Act in 2009 requires notification of certain breaches of unsecured Protected Health Information (PHI).
These document are provided as general guidance and do not constitute legal advice. These forms and information are intended to supplement or provide alternatives to consider with respect to the overall HIPAA compliance program you have selected to guide your compliance efforts.
RESOURCE LINKS
NOTICE OF PRIVACY PRACTICES. The Notice of Privacy Practices form should be modified to fit the actual privacy policies of your practice. A Notice of Privacy Practices must be distributed to all patients with whom you have a direct treatment relationship the first time that you see them after April 14, 2003.
ACKNOWLEDGMENT AND GOOD FAITH. The Acknowledgment of Privacy Practices form may be used to satisfy the rule that requires you to make a good faith effort to obtain written acknowledgment that your patient has received your practice’s Notice of Privacy Practices.
AUTHORIZATION. The Authorization form may be used when the rules require an Authorization to release protected health information.
CHECKLIST FOR RESPONSE BY PROVIDERS RE: REQUESTS FOR ACCESS. This checklist may be used as a guide for implementing the patient’s right to access, inspect, and copy the designated record set. The HIPAA Privacy Rules grant patients the right to access, inspect, and copy the designated record set. The designated record set is the group of medical records and billing records about individuals maintained by or for a covered health care provider to make decisions about such individuals.
CHECKLIST FOR RESPONSE BY PROVIDERS RE: REQUEST TO AMEND. This checklist may be used as a guide for implementing the patient’s right to request amendments to their own protected health information.
SAMPLE LETTER DENYING REQUEST TO AMEND. This sample letter may be used to deny a patient’s request to amend their protected health information.
BUSINESS ASSOCIATE AGREEMENT (HITECH April 2010). This Business Associate Contract template closely follows the Business Associate Agreement recommended by the Department of Health and Human Services and may be used to implement the requirement that covered health care providers obtain written satisfactory assurances from their business associates.
AMENDMENT TO BUSINESS ASSOCIATE AGREEMENT to address HITECH. This amendment may be used to incorporate the requirements of the HITECH Act.
These document are provided as general guidance and do not constitute legal advice. These forms and information are intended to supplement or provide alternatives to consider with respect to the overall HIPAA compliance program you have selected to guide your compliance efforts.
RESOURCE LINKS
NOTICE OF PRIVACY PRACTICES. The Notice of Privacy Practices form should be modified to fit the actual privacy policies of your practice. A Notice of Privacy Practices must be distributed to all patients with whom you have a direct treatment relationship the first time that you see them after April 14, 2003.
ACKNOWLEDGMENT AND GOOD FAITH. The Acknowledgment of Privacy Practices form may be used to satisfy the rule that requires you to make a good faith effort to obtain written acknowledgment that your patient has received your practice’s Notice of Privacy Practices.
AUTHORIZATION. The Authorization form may be used when the rules require an Authorization to release protected health information.
CHECKLIST FOR RESPONSE BY PROVIDERS RE: REQUESTS FOR ACCESS. This checklist may be used as a guide for implementing the patient’s right to access, inspect, and copy the designated record set. The HIPAA Privacy Rules grant patients the right to access, inspect, and copy the designated record set. The designated record set is the group of medical records and billing records about individuals maintained by or for a covered health care provider to make decisions about such individuals.
CHECKLIST FOR RESPONSE BY PROVIDERS RE: REQUEST TO AMEND. This checklist may be used as a guide for implementing the patient’s right to request amendments to their own protected health information.
SAMPLE LETTER DENYING REQUEST TO AMEND. This sample letter may be used to deny a patient’s request to amend their protected health information.
BUSINESS ASSOCIATE AGREEMENT (HITECH April 2010). This Business Associate Contract template closely follows the Business Associate Agreement recommended by the Department of Health and Human Services and may be used to implement the requirement that covered health care providers obtain written satisfactory assurances from their business associates.
AMENDMENT TO BUSINESS ASSOCIATE AGREEMENT to address HITECH. This amendment may be used to incorporate the requirements of the HITECH Act.