Monthly Archives : April 2015

Pharmacy News: HIPAA Compliance Policies and Procedures

policy-procedure

We have been talking HIPAA Readiness for a little over a month now and I hope that it is helping you to realize you can’t afford to ignore HIPAA Compliance, or put your program on a shelf.  Our final topic before we sum it all up is another HIPAA basic: policies and procedures.

Mind your Ps and Qs, or in this case, your P and Ps.

In the old days, many people had formal living rooms or parlors that were perfect showcases of fancy furniture and tchotchkes, rooms where no one was actually allowed to live. They were kept clean and pristine only for guests and maybe for the family on Christmas Day.

Some pharmacies treat their HIPAA compliance policies and procedures like the “good parlor”—they’re perfect, but they’re only pulled out for guests, who, in this case, are called auditors. Their well-worn day-to-day operations don’t follow the good intentions outlined in the pharmacy’s official P and Ps. Unfortunately, your pretty P and P’s won’t impress an auditor if they are not put into practice.

There are a number of ways a disparity between written policies and procedures and actual operations can develop. Perhaps you’ve purchased an off-the-shelf compliance package to keep up with changes made in the latest HIPAA rules; then, you put it back on a dusty shelf in your store because you were too busy to implement any necessary changes to your systems.

Too much success can lead to cutting a few corners. In the hustle and bustle of a busy pharmacy, vials brought in for refill can get tossed in the trash or recycling bin. Records could be put aside to be refiled when the rush is over, but misplaced instead. Under the stress of a long line of customers, electronic security measures may be missed, passwords may be shared (“Joe, give me your password. I need to refill this Xanax.”).

All of your employees were trained on your policies and procedures. But, just as a student may forget half the information s/he crammed for a test as soon as the test is over, your staff may forget some policies that don’t come up in everyday practice. On a happier note, your staff may have “invented a better mousetrap,” a better procedure that complies with the HIPAA rules than what is written in your P and P’s. Edit your written procedures, and all will be well.

The moral of the story: Sit on your fancy furniture, use the good china, and follow your P and P’s.

For more information about HIPAA and other pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of our Specialists. Also, stop back here for additional posts on compliance issues and what you need to know as a pharmacy owner.

Pharmacy News: Notice of Privacy Practices

We have taken a long journey in this HIPAA Readiness series, so let’s not forget the basics —

Stop Me If You’ve Heard This One: Notice of Privacy Practices

Communication is the key to success. Or so read a poster on the wall in my high school English class. Communication is also thenotice of privacy key to HIPAA compliance. You need to give every patient a Notice of Privacy the first time you provide any health service. The Notice of Privacy Practices must be designed to inform the patient as to how their Protected Health Information may and may not be used, and provide them with information related to their individual rights.

Communication is a two-way street. Another tried and true aphorism that’s relevant to HIPAA. Your patients need to tell you that they received a Notice of Privacy Practices. Luckily, you don’t have to document that they read and understand the notice, but you do need to get them to sign an acknowledgement that you gave it to them. You probably have a checklist for serving new patients; it may even be part of your pharmacy software. Make sure that the Notice of Privacy Practices acknowledgment is on it, and that you have some method of quality control to double check that all patient files include an acknowledgment. If you find a file that is missing the acknowledgment, don’t panic, but put an alert on their account to make sure you get one on the patient’s next visit.

Here’s another old saw: Repetitio mater studiorum est, or Repetition is the mother of all learning. You’ve handed your patients a Notice of Privacy Practices which they will very likely toss, file away, or lose. It is therefore prudent for you to offer the notice in other, more lasting forms. Post a copy at the pharmacy counter. Put a Privacy Notice link on every page of your website where patients go for services like prescription renewals. Such repetition adheres to another ancient adage: CYA, or Cover your…assets.

For more information about HIPAA and other pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of our Specialists. Also, stop back here for additional posts on compliance issues and what you need to know as a pharmacy owner.