So I went to see a surgeon yesterday for a consult on something. I had never been to his office before, and expected I’d have to fill out a bunch of forms.
Not surprisingly, there was a line that asked me for my Social Security number. I ignored it.
The form asked me my race under “meaningful use” and said they were required by the government to ask that.
The forms did not ask me how they could contact me and to whom else they could disclose my information (friends and family). The forms made no mention of how they might disclose or share my information.
There was, however, a statement asking me to sign that I had been shown the HIPAA privacy practices notice. Since I hadn’t been given it, I asked to see it.
“Oh, we recently switched over to EMR,” said the cheerful employee at the desk,”so we don’t have to use HIPAA privacy notices any more.”
Say WHAT?
I tried to explain to her that they were seriously misunderstanding the regulations, but I’m sure that my attempts to help sailed over her head and were not relayed up the chain.
Maybe after the surgery is over, I’ll try again….
The Notice of Privacy Practices must be made available on the first visit, and then on request, among a few other places. Not doing this is a huge violation of HIPAA as this is where your rights are spelled out. Additionally, all recent NOPP must have new HIPAA provisions included so look for an effective date on or after January of 2013.
Yes. Another one of my new doctors actually had their updated notices with required provisions, but this surgeon’s office blew my mind…