Covered entities are required to have compliance policies and procedures. Medical records must be stored in a separate location from business and personnel records. Documents should be updated to comply with the security rules. Employers also need to comply with state privacy laws.
Notice must be given to all patients at their first visit regarding their rights under HIPAA, including the right to access their information and the right to complain if they feel their rights have been violated. The covered entity should obtain written acknowledgement that the patient has received notice of its privacy policies.
It is important for covered entities and their employees to be aware of their responsibilities.
It is also important for patients to know their rights and responsibilities.