HIPAA Forms and Materials
COPIC offers forms, checklists and other materials for your use in complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). These documents are provided as general guidance and do not constitute legal advice. They are intended to supplement or provide alternatives to consider with respect to the overall HIPAA compliance program you have selected.
Notice of Privacy Practices: This notice should be reviewed and modified to fit the actual privacy policies of your practice. A Notice of Privacy Practices must be distributed to all patients with whom you have a direct treatment relationship the first time that you see them.
Acknowledgement of Receipt of Notice of Privacy Practices & Documentation of Good Faith Efforts: This form may be used to satisfy the rule that requires you to make a good faith effort to obtain written acknowledgment that your patient has received your practice's Notice of Privacy Practices.
Authorization to Use or Disclose Health Information: This form may be used when the rules require an authorization to release protected health information.
Business Associate Agreement (Revised September 2013): This agreement closely follows the Business Associate Agreement recommended by the Department of Health and Human Services and may be used to implement the requirement that covered health care providers obtain written satisfactory assurances from their business associates. If you have any questions regarding this agreement, please contact Al Schwindt at (720) 858-6038 or email@example.com
Request for Access PHI Checklist: This checklist may be used as a guide for implementing the patient's right to access, inspect, and copy the designated record set. The designated record set is the group of medical records and billing records about individuals maintained by or for a covered health care provider to make decisions about such individuals.
Request to Amend PHI Checklist: This checklist may be used as a guide for implementing the patient's right to request amendments to his or her own protected health information.
Sample Letter Denying Request to Amend PHI: This sample letter may be used to deny a patient's request to amend his or her protected health information.
Useful HIPAA Links
The website links in this section offer helpful resources from the U.S. Department of Health & Human Services (HHS) regarding common HIPAA concerns. These links are provided as general guidance and do not constitute legal advice. They are intended to supplement or provide additional information to consider with respect to the overall HIPAA compliance program you have selected.
HIPAA - Frequently Asked Questions
What is a “business associate?”
HHS Business Associates FAQs
Contract provisions required for business associate agreements
Third-Party HIPAA Compliance and Training Resources
These websites and tools provide you with additional HIPAA resources from professional organizations and vendor services. Inclusion of a site in this section is not an endorsement of any group and/or their policies or positions.
PrivaPlan Associates, Inc.® is a leading authority on HIPAA privacy and security compliance, and offers a wide array of products and services:
- HIPAA Privacy and Security Compliance Online Toolkit provides a do-it-yourself approach and proven 10-step process to HIPAA compliance for both the Privacy and Security Rules. It includes a step-by-step risk analysis guide to help reach Meaningful Use, and downloadable, customizable forms, training and reference materials. Cost is $350 if insured by COPIC ($395 retail). Use coupon code: copic350.
- HIPAA Online Training is an affordable and comprehensive course that covers HIPAA Basics and the Privacy and Security Rule. Total time for all three training modules is less than one hour. Cost is $139 if insured by COPIC ($169 retail) and this includes online quizzes and printable Certificates of Completion for three users (additional user licenses are $14/person). Use coupon code: copictrain129.
- On-Site and Remote HIPAA Security Risk Analysis is designed for practices to satisfy the Core Meaningful Use measure related to Privacy. It includes a review of your IT network and infrastructure, physical security, and policies and procedures. A detailed report of gaps/deficiencies as well as recommended remediation is provided. On-Site cost is $2,500 for practices in the Denver Metro Area/Front Range; Remote cost is $1,500 for medical practices of 1-15 providers and one location. Other practices should call PrivaPlan for a quote on special pricing.
Colorado Medical Board (CMB) Inquiry Letters
COPIC provides resources to assist you if you receive a CMB Inquiry letter and need guidance on how to respond in an appropriate manner.
Michael Skolnik Medical Transparency Act of 2010 (CO only)
COPIC has assembled resources for Colorado health care professionals to use as they prepare to comply with the requirements of the Michael Skolnik Medical Transparency Act of 2010. The resources here are current with the changes to the Act that became effective as of July 1, 2011.