HIPAA 101: Ten Steps Toward HIPAA Compliance
Used by permission. By Paula C. Sandoval, Aspen Behavioral Health
Editor’s Note: We’re all concerned about HIPAA compliance these days ... and finding sources for clear, succinct information isn’t always easy. One such source, though, is the website at Aspen Behavioral Health. Paula Sandoval graciously gave us permission to share her ten steps toward compliance. We hope you find it helpful!
- Be committed to abiding by HIPAA regulations. Non-compliance may result in legal and financial consequences. The Department of Health and Human Services (HHS) appointed the Office of Civil Rights (OCR) to enforce HIPAA regulations. See http://www.hhs.gov/ocr/hipaa/finalmaster.html.
- Become familiar with current information about HIPAA. For an excellent resource on understanding HIPAA regulations and how to address some implementation issues, see the HIPAA Desk Reference at http://www.wedi.org/snip/public/articles/2002_0510_1.2.pdf
- Get a complete list of policies and procedures. Go to http://www.wedi.org/snip/public/articles/2002_0510_1.2.pdf, Appendix VI: Policy Manual.
- Start a notebook for your HIPAA policies, procedures and forms. The North Carolina Healthcare Information and Communication Alliance, Inc. has a number of checklists which address the various components of the Privacy Rule, Security and other documents. For this information, go to http://www.nchica.org/HIPAA/sampledocuments.asp
- Submit compliance extensions when they become available.
- Put business associate agreements in place now. If there are services you contract out (e.g. billing, courier services, file storing entities, professional legal services, transcription and/or copy services, janitorial services), find out what they are doing about HIPAA compliance. For information about business associate agreements between you and those entities, go to http://www.nchica.org/HIPAA/sampledocuments.asp. Click “Agree” on the HIPAA sample document disclaimer for access to their sample documents. Select ‘Business Associate Agreement (Contract)’ to download as an MS Word document. There are various sample documents you can download or copy.
- Review your consent forms for compliance with HIPAA regulations. See sample forms at http://hpc.state.nm.us/hipaaap/deskreference.pdf.
- Meet with people in your organization who are involved in managing information, both technically and non-technically. Include as many people as you can with different job functions and responsibilities so that everyone feels it is a team effort. People will be more likely to comply and invest if they feel their ideas and active participation are needed to accomplish the implementation of HIPAA compliance. Find local groups working on HIPAA compliance, as they may already have developed tools to help you identify gaps and develop policies, procedures and practices. For an example of a local working group, see the New Mexico Coalition for Healthcare Information Leadership Initiatives (NM CHILI). See their web site at www.healthlinknm.org/nmchili.
- Do a privacy and security walk-through of your facility. For an example of a preliminary privacy and security audit, see WEDI – SNIP Appendix I: Model HIPAA Privacy And Security Audit For Small Practices, pp. 16-20 of the PDF file: http://snip.wedi.org/public/articles/2002_0510_1.2.pdf. Try to identify all the possible ways an unauthorized individual might gain access to paper and electronic confidential health information (e.g. client sign-in sheet, client access to unauthorized areas). Review the list and describe how each non-compliant area will be addressed. In recording how you will address these gaps, include actions to be taken, target date of completion, person responsible for completing the task(s), and the resources it will take to comply.
- Develop and implement a staff training plan. Plan how all persons in your organization will be trained on HIPAA and how to show evidence of the training. Document large and small things you have done to comply with HIPAA regulations and include HIPAA issues as a regular part of your staff meeting agenda.