What does it mean for homecare

·          Required to comply—not voluntary

·          Create a Notice of Privacy Practices (NPP) that all staff, contractors and patients should read and understand

·          Privacy and Security Official to write and implement new policies and procedures, receive complaints and mitigate violations

·          Authorization forms should be used for all use or disclosure of information that are needed for purposes other that Treatment, Payment and Operation (TPO)

·          Business Associates need to sign an addendum to their current contract that state that they will comply with the same rules as the agency

·          Additional patient rights need to be communicated to the patient

·          Privacy and Security policies and procedures need to be read, understood, and followed by all staff and business associates

·          Minimum necessary uses and requests for Protected Health Information

·          New authorization levels to access information

·          Responsibility to protect patient health information in any form