Ensuring that your business is following all of the rules and regulations that pertain to you is a must-do for any responsible business owner. And HIPAA compliance is a major factor in this responsibility. If you missed our last blog, read it here to get up to speed on the basic elements that comprise HIPAA Compliance, then come back for this deeper dive.
Your HIPAA Compliance Program
I’m sure you’ve realized from the elements discussed in our previous blog, that there are a lot of important moving parts that make up a comprehensive compliance program. Now that we’ve covered the basic outline, let’s dig a little deeper into the necessary pieces that make up a HIPAA Compliance Program.
Documented Policies & Procedures
Documenting your compliance policies and procedures is non-negotiable. You will want to include training as well as systems compliance in your documentation in order to make sure that your processes match up with privacy expectations. We have also included a short list of the documentation you must hold onto for a minimum of six years near the bottom of this article.

Training
Having policies and procedures for compliance is a good place to start, but it doesn’t end there. All of your employees and all affected parties need to understand how to properly use the systems you have in place, and how to approach and execute the documented policies and procedures you’ve created.
Including training for HIPAA compliance in your onboarding process is an excellent way to ensure that everyone on your team understands what is required of them – and avoid potentially out-of-compliance practices amongst your employees while you’re at it.
Systems Compliance
One big potential issue that businesses face is ensuring that the systems they use are not only capable of meeting HIPAA standards of practice, but that those systems are actually configured to operate within the parameters of compliance.
In short, just because a system can be HIPAA compliant doesn’t mean it is HIPAA compliant.
Most systems geared towards businesses do have the capability to be used in a HIPAA-compliant fashion. Still, you must pay attention to the way the system is set up to ensure that your use of the system is up to privacy standards.

HIPAA Compliance Checklist
There are times when a handy checklist is warranted to ensure that you haven’t missed any important components. HIPAA compliance certainly fits that bill! Review the following items to ensure that you have your bases covered in the compliance department.
- Establish whether or not your organization is required to comply with HIPAA and in what capacity. Start with whether or not your business is a covered entity: Covered Entity Decision Tool
- Determine the Rules that apply to the operation of your organization.
- Appoint a Privacy Officer if Privacy Rules apply.
- Appoint a Security Officer if Security Rules apply.
- Understand PHI.
- Conduct an audit to determine where PHI is created, received, stored, or transmitted, and how PHI is being shared.
- Limit the number of record sets containing PHI.
- Implement measures for the prompt notification of individuals and HHS’ Office for Civil Rights of any data breaches.
- Determine whether or not your organization is exempted from reporting data breaches to the State Attorneys General.
- Make sure you have a plan in place for finding out about changes to HIPAA and any related temporary notices.
- Periodically conduct a HIPAA risk assessment. Don’t worry, we will touch on this next!
There is some cross-over between the roles of Security Officer and Privacy Officer since both are required for the development of contingency plans and to perform due diligence.

PLEASE NOTE: The following documentation must be kept for a minimum of six years
- HIPAA risk assessment
- The written rationale for all of the measures, procedures, and policies implemented for HIPAA compliance
- All policy documents
Admittedly, this is a lot to take in. The good news is that there are resources available to help you through the process of ensuring your compliance. If you need assistance – whether it’s connecting with professionals, getting advice, or helping with the next steps you need to take – we’re here for you. Reach out today.
