Review your results below to discover and address risks your pharmacy may experience.
1. Do you have a Notice of Privacy Practices in place that has been updated since July 1, 2013?
You Answered:
- Yes- Awesome! You meet the most recent requirements.
- No- Snap! This is a very easy requirement to fix. Make sure you have the correct version on display in your location, on your website, and being distributed to your patients. Also check your policies and procedures to ensure they are in date.
2. Are you conducting annual HIPAA training?
You Answered:
- Yes- Fantastic! Remember to document this training.
- No- Add this to your “To-Do” list as this is an annual federal requirement.
3. Do you have a Disaster Recovery Plan in place?
You Answered:
- Yes- Wonderful! Lets hope you never have to use it and maintain a copy that is NOT physically within your facility!
- No- This may also be known as a Contingency Plan. Information needs to be written, implemented and tested to access and restore data and operations in the event of an emergency such as floods, fire, tornados, etc.
4. Do you have Business Associate Agreements (BAA) in place with vendors that have access to PHI?
You Answered:
- Yes- Marvelous! Ensure your BAA meets HITECH requirements and were updated prior to September 2014.
- No- Check Health & Human Services for samples. Ensure you have signed BAA’s from individuals such as: shredding and computer companies, insurance switch providers, personal care homes/LTC facilities, consultants, etc.
5. Are you maintaining patient records for a minimum of 6 years?
You Answered:
- Yes- Good Deal! Remember all 6 years do not need to be in the patient file. They may be archived off site.
- No- Better start saving paperwork today!
6. Does your pharmacy have visual and auditory deterrents in place to protect PHI?
You Answered:
- Yes- Perfect!
- No- Time to turn up the music and buy some room dividers.
7. Does your pharmacy maintain a list of employees who have access and do not have access to PHI?
You Answered:
- Yes- Super- remember to update this list with new hires or if someone leaves your staff.
- No- It’s never to late to start a list. Work through your staff roster to determine who has Full Access to PHI (ex Pharmacists & Techs), who has Limited Access to PHI (ex a gift clerk who occasionally covers the pharmacy counter), and who should never be permitted to view PHI (ex the custodian)
8. Does your pharmacy have P&P for acknowledging and resolving patient complaints?
You Answered:
- Yes- You’re on top of things! Refresh staff members on procedures annually
- No- Incorporate this element into your Annual HIPAA Training.
9. Does your pharmacy complete annual Privacy and Security assessments?
You Answered:
- Yes- Good Work! Remember to maintain your Assessments for 6 years
- No- This is a great way to ensure all members of staff are fulfilling your HIPAA and PHI requirements and are on the same page.
10. If your patient receives another patient's medication, do you document the breach of PHI?
You Answered:
- Yes- Perfect you are following procedures
- No- You really should.
