
HIPAA Policy & Procedure Manual

Most optometrists are familiar with HIPAA. Few, however, have a comprehensive HIPAA Policy and Procedure Manual, much less one that complies with the final HIPAA Rules, which took effect in September 2013. HIPAA Manuals drafted before January 2013 are not compliant with the "final" rules. In the event of a patient complaint or an audit by the Office of Civil Rights, each "Covered Entity" must have a HIPAA Policy and Procedure Manual. Dr. Steinberg's model HIPAA Policy and Procedure Manual is up-to-date and fully HIPAA compliant. It is 100 pages long and includes all the sample forms you need to meet the HIPAA requirements if you are audited.


The HIPAA Policy and Procedure Manual addresses all aspects of the HIPAA Privacy Rule as it pertains to patients and patient rights, and has the ready-to-use sample forms you'll need for dealing with all patient requests concerning their protected health information. Reading and using this manual should substantially reduce your risk of a patient complaint and will enable you to respond to a complaint by showing the Office of Civil Rights that you have, in fact, complied with the Privacy Rule.

What are investigators looking for in a HIPAA Audit or Patient Complaint investigation?

Among other things, the specific audit protocol developed by the OCR includes the Privacy Rule requirements for:


(1) notice of privacy practices for PHI;

(2) rights to request privacy protection for PHI;

(3) access of individuals to PHI;

(4) administrative requirements;

(5) uses and disclosures of PHI;

(6) amendment of PHI; and

(7) accounting of disclosures.

To comply with these specific privacy requirements under HIPAA, and to be prepared in the event you are the subject of either a random audit or an investigation following a patient complaint directly to the OCR or your State Board, every health care provider should have a HIPAA Policy and Procedure Manual which addresses the seven requirements above. If your office follows the guidelines in the Manual, and uses the sample forms contained in it, you should be well prepared to defend against any complaint and to pass any Privacy Rule audit.