It is that time of year – the weather in many places is all over the place. From 80 degrees to 28 degrees in a few days in the Midwest, cool comfortable air on the east coast, from green leaves to an array of oranges, yellows, reds, and greens. From trees full of summertime leaves to bare branches and leaf piles on the ground. With the change in the seasons, it’s time to prepare for the next season. Creating a solid HIPAA compliance program can be like braving the weather and embracing the change in the seasons – but instead we focus on the change in the culture within our organization.
There has been a lot of news regarding HIPAA over the past couple of weeks: continued data breaches, the Office of Inspector General (OIG) stating that there has been a lack of HIPAA oversight and enforcement, and Phase 2 of the HIPAA Audits beginning in early 2016. The stage has been set, the world has been notified – there is going to be a change in the enforcement of HIPAA and NOW is the best time to prepare your organization.
Here are Six Simple Steps you can take to prepare your organization for success with the upcoming changes in enforcement and Phase 2 HIPAA Audits.
Conduct a Risk Assessment/Analysis – if you haven’t conducted a risk analysis recently, it might be a great idea to conduct one again soon. Make sure to have a risk analysis report that provides information on how the audit was conducted, what systems were evaluated and what the identified risks were. Remember – don’t stop there. You must create a risk management plan and mitigate and/or address all the risks identified.
Review and update all policies and procedures – policies and procedures create the foundation for success with HIPAA compliance. Conduct a gap analysis on your policies and procedures. Look for policies that you may be missing or policies that don’t meet minimum compliance. Then ensure that your organization is following the policies you have created. Look for evidence such as documents, logs and audit forms that can prove you are in compliance with your policies.
Know who your Business Associates are – evaluate who you are paying as third-party contractors and what tasks they are performing for your organization. If they are creating, receiving, transmitting or storing any protected health information on your behalf – ensure that you have an updated business associate agreement in place with them. Consider creating an easily accessible list or spreadsheet of all your organization's business associates.
Review and become familiar with the Audit Protocol – although the new HIPAA audit protocol hasn’t been officially published, it is good practice to review and become familiar with the HIPAA audit protocol that was used on the HIPAA audits of 2011-2012. This will help an organization understand what will be looked for as far as evidence of compliance with the regulations.
Conduct internal HIPAA audits – practice audits and help staff become comfortable answering questions regarding HIPAA compliance. If an on-site HIPAA audit is conducted, the auditors will be talking not only to the HIPAA Privacy and Security Officers, but also to all workforce members who take part in providing proper protection of patient information (A.K.A. – EVERYONE).
Educate all staff and leaders on the importance of HIPAA Compliance – education of your entire workforce becomes an essential step in HIPAA compliance. Your workforce should know and understand what HIPAA is and the processes and procedures that are established within your organization for proper HIPAA compliance!
While this isn’t a complete list of what an organization can do, these few simple steps can definitely help create a solid HIPAA program and prepare for the increase in enforcement and Phase 2 HIPAA Audits. Don’t be one of the healthcare organizations that states “We didn’t know that was a requirement” or “We thought we had more time to be compliant.” Be prepared and feel confident in the way that you are protecting your patients’ information. Your healthcare organization will benefit and your patients will be satisfied knowing that they are receiving great care and their information is properly protected and secured!