Covered entities and business associates often wonder how to make certain that workforce members read and understand the HIPAA policies that apply to them without wasting valuable time reading all of the HIPAA policies when the majority may not apply to them. For example, why should an employee who is neither authorized to take work home nor has any need to do so have to be familiar with the work-at-home policy? Or why should a nurse’s aide need to be familiar with the how to handle a request for correction/amendment policy? In the unlikely event that a patient asks a nurse’s aide to correct an inaccuracy in the chart, all that the nurse’s aide has to know is to refer the patient to the health information management department or other person or department, but the nurse’s aide does not need to know how to process the request once made.
So I developed a form for covered entities and business associates in response to a request from a long-time HIPAA business associate client of ours in California. With the recent rash of civil money penalties imposed by the Department of Health and Human Services (“DHHS”), ranging from $100,000 to $4.3 million, which were mostly due, at least in part, to the failure to have implemented policies or to have trained personnel on those policies, I thought that my subscribers might want to use the form to track which workforce members must be familiar with which policies and to create a written record that the employee had read, had understood, and had agreed to comply with those policies. Remember, for HIPAA, if it’s not written, it’s not!
If you are already a Premium Member of this website, log in, download the new Sample Policy Awareness Form, which is in a handy, editable, older version of Word®, and adapt it to your situation. If you are not yet a Premium Member, go to the store, buy your year’s subscription, download the form, and adapt it to your situation. If you prefer or if you encounter issues, call us toll-free at 855-341-8783, and we will get you set up and on your way.