November 2012 - Northeast Pharmacy Service Corporation
November 2012 - Northeast Pharmacy Service Corporation
November 2012 - Northeast Pharmacy Service Corporation
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
HIPAA SECURITY: A FOUR-PART SERIES<br />
By Karen Hekeler<br />
In the September issue of the Network News, we brought you through the first three<br />
steps of the HIPAA Security rule. Hopefully, you have set aside some time to complete<br />
those three steps. We will now continue with Step 4.<br />
Part II of IV<br />
HIPAA SECURITY<br />
Step 4:<br />
Step 5:<br />
Step 6:<br />
Step 7:<br />
In Tab 4 of the HIPAA Security binder, you will find a document titled<br />
“Risk Management Chart for Protecting Patient Information in Electric<br />
Form Administration Safeguards.” Please go through the chart and enter<br />
the date you completed each action item.<br />
The Security Regulations require you to have a BUSINESS ASSOCIATE<br />
AGREEMENT (BAA) on file with any entity you share PHI with that is<br />
not in itself a covered entity. Examples of who needs to have BAA on<br />
file include: IVR companies, <strong>Pharmacy</strong> and/or DME software companies,<br />
DME billing companies and any facility you deliver to where you<br />
are not delivering directly to the patient. Tab 4 has a copy of the BAA.<br />
Please go through your files and ensure you have a signed BAA on file<br />
for any of the business partners you are sharing PHI with.<br />
Under Tab 5, we have provided you with Security Policy and Procedures<br />
for all Employees. Please take a few minutes to familiarize your<br />
self with this policy and have your staff do the same. We have also<br />
provided you with a sample employment application.<br />
In Tab 6, you will find Personnel Policies Employee Sanctions. The Se<br />
curity Rule requires that all covered entities have appropriate sanc<br />
tions in place for employees who fail to comply. Please review this<br />
policy with your staff.<br />
Part III of this series will be included in the January issue of the Network News. If at<br />
any time during this process you have questions, please feel free to contact the<br />
NPSC office or your pharmacy consultant.<br />
6<br />
NETWORK NEWS - NOVEMBER <strong>2012</strong>