Appointing a privacy officer, assessing a pharmacy

Article

Second installment to Countdown to HIPAA

 

Countdown to HIPAA

Appointing a privacy officer, assessing a pharmacy

Editor's note: On Dec. 4, 2002, as the first HIPAA column was going to press, the Department of Health & Human Services, Office of Civil Rights (OCR), released its "Guidance Explaining Significant Aspects of the Privacy Rule." The 123-page guidance provides an excellent overview of the privacy rule and may be retrieved from the OCR Web site (www.hhs.gov/ocr/hipaa) under the heading "What's New."

The Health Insurance Portability & Accountability Act requires each pharmacy to appoint a privacy officer to be responsible for carrying out activities associated with HIPAA compliance. Often asked is whether the privacy officer has to be a pharmacist. The answer is No—HIPAA does not require a pharmacist to serve as the privacy officer.

In fact, a pharmacist may not be the best person to serve as the privacy officer due to the time commitment necessary for an R.Ph. to carry out current duties. It may be more effective to appoint a nonpharmacist, such as a technician or clerk.

Consider, for example, when a patient files a complaint that the pharmacy violated HIPAA. Pharmacies should encourage patients to file complaints with the pharmacy rather than OCR. But doing this means that the privacy officer must be attentive to the complaint and the patient who filed it, which may include meeting with the patient.

Chances are a patient who files a complaint is angry, or at least upset. Now picture a pharmacist sitting down to meet with the patient to resolve the complaint and being called away every few minutes to respond to an activity in the prescription department. This may further anger the patient and lead to the patient's filing a complaint with OCR. And the follow-up to such a complaint could be extensive.

A nonpharmacist considered for privacy officer must have knowledge and experience in the pharmacy operation. Careful consideration must be given to the competency of anyone being considered for privacy officer activities, which include, but are not limited to, the following:

• Acquire extensive knowledge of the HIPAA requirements and their application to your pharmacy.

• Develop your pharmacy's compliance plan, policies, and procedures.

• Conform your pharmacy operations, such as computer software, to HIPAA requirements.

• Develop your pharmacy's written Notice of Privacy Practices and a system for its distribution and acknowledgment of receipt by patients.

• Assist patients in exercising their rights under HIPAA.

• Obtain patient authorization for use and disclosure of protected health information (PHI).

• Resolve patient complaints.

• Prepare materials and oversee a pharmacy's cooperation and assistance in response to an investigation or compliance review by OCR.

• Maintain a secure filing system for all forms, documents, and records.

• Conduct/arrange staff training.

• Assist in establishing and imposing disciplinary measures against staff violating HIPAA requirements or the pharmacy's policies.

• Meet with patients to answer questions, provide information, and otherwise assist them.

• Assist in contracting with business associates, including setting up meetings with them, as necessary.

• Conduct planned and unplanned internal compliance audits.

• Monitor for changes in HIPAA requirements and make necessary modifications.

Because of the serious nature of the activities described above, the privacy officer must be given the authority to carry out these activities and be actively engaged in assessing the pharmacy environment.

A compliance plan must be tailored to the unique environment of each pharmacy, which requires an assessment of the pharmacy's environment. The assessment is basically a process of asking questions about the pharmacy operation and how it manages PHI.

Various assessment methods can be used, including detailed observations of daily activities and tracking of Rxs from start to finish. Whatever method is used, answers to the following questions, and many more that you identify, need to be obtained and recorded.

• What are the routine and unusual uses and disclosures of PHI?

• Are there "gaps" in the pharmacy's management of PHI that present risk of improper use and disclosure of PHI?

• Is the patient counseling area sufficiently private?

• Is there space for the privacy officer to meet with patients and that can be secured for storing records?

• How is information for the patient profile acquired?

• Are phone conversations containing PHI conducted outside the Rx department?

• How are computer records, including daily backup, secured and maintained?

• Who are the business associates of the pharmacy and are any contracting activities required?

After acquiring extensive knowledge of the HIPAA requirements, the privacy officer will be able to recognize questions about the pharmacy environment that must be answered.

By Walter L. Fitzgerald Jr., R.Ph, J.D.

Walter L. Fitzgerald Jr., a pharmacist-attorney, is a professor of pharmacy at the University of Tennessee College of Pharmacy and author of the NCPA HIPAA Compliance Handbook for Independent Pharmacy.

 

Walter Fitzgerald. Appointing a privacy officer, assessing a pharmacy. Drug Topics 2003;2:49.

Related Videos
Related Content
Voices in Pharmacy: April 2024 Expert Interviews

Voices in Pharmacy: April 2024 Expert Interviews

April 25th 2024
Article

Check out these featured Drug Topics expert interviews from April 2024.

Is E-Prescribing the Future of Veterinary Medicine?

Is E-Prescribing the Future of Veterinary Medicine?

December 21st 2023
Podcast

Wendy Crouse, DVM, an independent house call veterinarian with Heal House Call Veterinarian, sat down with Drug Topics to discuss how the adoption of e-prescribing has transformed her practice.

FDA Approves Generic OTC Naloxone Nasal Spray

FDA Approves Generic OTC Naloxone Nasal Spray

April 25th 2024
Article

Amneal Pharmaceuticals said its generic naloxone hydrochloride nasal spray is now available in the US following FDA approval.

The Importance of Continuing Education in Pharmacy Compounding

The Importance of Continuing Education in Pharmacy Compounding

December 13th 2023
Podcast

Kevin Hope, RPh, senior director of pharmacy education at Pharmcon, joined Drug Topics to discuss pharmacy compounding from the new USP changes and the importance of education around compounding best practices.

Community Pharmacists Could Help Patients Control Diabetes Through Remote CGM Monitoring

Community Pharmacists Could Help Patients Control Diabetes Through Remote CGM Monitoring

April 25th 2024
Article

A new study found that cloud-based CGM monitoring services provided statistically significant improvements in high time above range, time in range, and average glucose.

Pharmacists’ Role in the Diagnostic Stewardship Team

Pharmacists’ Role in the Diagnostic Stewardship Team

April 25th 2024
Article

With expertise through antimicrobial stewardship experience, researchers believe antimicrobial stewardship pharmacists are vital in assisting diagnostic stewardship.

© 2024 MJH Life Sciences

All rights reserved.