Moving from 0 to HIPAA Compliant can be a lot like climbing Mt. Everest. Starting from the bottom and staring up to try to see the peak of Mt. Everest is challenging, just as starting the route to HIPAA compliance can be. When climbing Mt. Everest, nobody sets out to climb to the summit in one day. Instead, they prepare themselves for the climb, and they break it up and take it in small steps – with a dream of reaching the summit. The usual course of the climb is:
- Ice Fall
- Camp 1
- Camp 2
- Camp 3
- Camp 4
- Everest Summit (YES)!
Looks easy, right? WRONG! At times, climbers spend 4 – 8 weeks at the different camps trying to acclimate themselves to the altitude and prepare themselves for the next hike up the mountain. The time spent moving between camps takes hours upon hours and can be treacherous and dangerous. But the moment that the climbers walk the last few steps and make it to the summit, all the hard work and dedication pay off. They can finally enjoy the success of the momentous task they just accomplished.
BREATHE, EXIST, and ENJOY the moment – because then they remember that they have to climb down AND the only way down – is the way that they came up.
When first reviewing the HIPAA Privacy and Security Regulations, it can be SCARY and OVERWHELMING, similar to climbing Mt. Everest. Between the two regulations, writing policies and procedures and establishing practices for an organization can take weeks, even months. The challenge that HIPAA privacy and security practitioners face is that HIPAA usually is another added task to one’s already full plate, creating an even bigger hurdle in the path to the summit of HIPAA compliance. With all the conflicting priorities and trying to meet so many deadlines, HIPAA tasks usually get pushed off to the side or left for ‘tomorrow’ to do. How many times has HIPAA come up on your ‘To-Do’ list and been pushed off until tomorrow?
Looking at the requirements under HIPAA – it is easy to see how it can be overwhelming when you are starting from scratch or reviewing what you already have in place (if you are unclear about the HIPAA requirements – contact me).
Take a new philosophy on HIPAA Compliance and Commit to 3 tasks daily. Think of the movement towards HIPAA compliance as your movement toward the different camps that the climbers make it to as they take the challenge of climbing Mt. Everest. This may sound silly or a little ‘too easy’ but when you take a complicated task and break it down to small daily tasks, it seems a little more achievable and not so overwhelming.
A Sample Week of HIPAA Tasks (Privacy Rule):

| Day | Task 1 | Task 2 | Task 3 |
|---|---|---|---|
| Monday | Update Notice of Privacy Practices | Update process for Notice Signatures | Update P&P on Notice of Privacy Practices |
| Tuesday | Review P&P on Uses and Disclosures of Protected Health Information | Observe processes for releasing health information | Evaluate documentation received for disclosures of health information |
| Wednesday | Review recent Requests for Amendments of Medical Record Documentation | Evaluate and Update Amendment Policy and Procedure | Assure Amendment Request form is adequate and requests are being processed timely |
| Thursday | Review all accounting of disclosure (AOD) requests | Evaluate and update AOD policy and procedure | Assure AOD Request form is adequate and requests are being processed timely |
| Friday | Evaluate areas that need re-training and education on practices reviewed this week | Create a training plan for workforce members | Evaluate and Update HIPAA Training Policy and Procedure |

The one important item to remember is – YOU CAN’T GET IT DONE IN A DAY! To truly evaluate your level of HIPAA compliance, create and implement privacy and security practices within your organization, and effectively train your workforce – you need to dedicate time and effort to the project. And remember, once you get it all done – it is not time to sit back, relax and never worry again. It is the time for evaluation and assurance that what has been established for HIPAA compliance matches what is being practiced within your organization – similar to climbing back down Mt. Everest.
Remember the famous Spanish saying “Poco a Poco se va lejos” (Little by Little, One Goes a Long Way). Small steps can make all the difference in the successful creation, evaluation, and execution of a solid and complete HIPAA Compliance Program!