#59267 - 02/05/03 03:57 PM
HIPAA Privacy Compliance
Anonymous
Unregistered
We are a community bank of 150 employees and are interested in knowing how other banking organizations are responding to the HIPAA Privacy regulations. Has your organization developed a written plan? We believe we already comply with most requirements due to employment law and procedures developed for Y2K, but have not developed a plan specifically addressing HIPAA. We would appreciate hearing how other banks are responding.
#59268 - 02/05/03 06:24 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,339
TX
Here's a great place to start: HIPAA Banking. Check the recent edition of ABA Bank Compliance. There's an excellent article on HIPAA for banks.
_________________________
Opinions are mine not my employer's, and should not be taken as legal advice.
#59269 - 02/05/03 07:23 PM
Re: HIPAA Privacy Compliance
Anonymous
Unregistered
Thanks for the input. I've been checking the ABA site. What I'm hoping to find is a model to point us in the right direction.
#59270 - 02/05/03 09:27 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,339
TX
In a nutshell, a model would look like this with these steps [this is for the HIPAA privacy regs, not the HIPAA security regs which are not final]:
1. Do a gap analysis. In other words, compare present practices for handling PHI with the requirements of the regs. Note the deficiencies. Prepare an action plan.
2. Write your policy and procedures for all aspects of the privacy regs. Articles can help you determine necessary procedures.
3. Implement and train on your procedures.
4. Have business associate agreements in place where necessary.
5. Have all this done by the April 13, 2003 deadline.
There's help out there. We hired a regional accounting/consulting firm to do our gap analysis and to provide standard procedures forms. We're doing all the rest, and our counsel prepared the BAA's.
I hope this is a little more help to you. If you are immersed in HIPAA any more than on the employment side (like medical lockbox services) I'd suggest going the consultant route to get you started.
_________________________
Opinions are mine not my employer's, and should not be taken as legal advice.
#59271 - 02/06/03 03:31 PM
Re: HIPAA Privacy Compliance
Anonymous
Unregistered
Thanks again for the input. I'm trying to monitor daily for new information re this issue.
#59272 - 02/06/03 03:59 PM
Re: HIPAA Privacy Compliance
100 Club
Joined: Nov 2000
Posts: 176
FYI--Ken is speaking on this topic at the 2003 NRCC in Washington, D.C. in June. I look forward to his session.
_________________________
...but I saved a lot on my auto insurance
#59274 - 02/06/03 08:09 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,339
TX
Two easy ways to contact me: click on my name to the left of this message and then click on my email address at the top of my profile. Or you may send me a private message through BOL. There's a button at the bottom of my profile.
_________________________
Opinions are mine not my employer's, and should not be taken as legal advice.
#59275 - 02/11/03 09:34 PM
Re: HIPAA Privacy Compliance
Anonymous
Unregistered
What is the April '03 date? I thought it was Oct. '03??
#59276 - 02/11/03 10:50 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,339
TX
Privacy rules effective date is April 14, 2003. Final security rules expected out this month.
_________________________
Opinions are mine not my employer's, and should not be taken as legal advice.
#59279 - 03/17/03 02:53 PM
Re: HIPAA Privacy Compliance
Anonymous
Unregistered
I guess I've had my head buried in the sand! Is there an easy way to determine if our bank is a "clearinghouse"? We do not take lock box payments. We take deposits from a doctor and local clinic? I am attending HIPAA privacy training, but I was not aware of the need to write a policy and gap analysis and action plans, etc. Thanks for your input.
#59282 - 03/18/03 05:20 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
We are not a healthcare clearinghouse. We have procedures in place if any of our customers want us to sign a privacy agreement. However, in speaking with another bank in a similar situation, I was told they are writing a HIPAA policy and naming a HIPAA Privacy Officer. Is this required for a bank like us? We are using the ABA/NACHA privacy agreement for any of our customers who want us to sign off on that.
I thought we had HIPAA under control and now I'm not sure.
_________________________
--A bad day at sea is better than a good day at work.
#59284 - 03/18/03 08:34 PM
Re: HIPAA Privacy Compliance
Diamond Poster
Joined: Jun 2001
Posts: 1,373
Lido Deck
Thanks Bob. I have passed this information along to our HR people as well.
_________________________
--A bad day at sea is better than a good day at work.