Create a Culture of Privacy and Security
1) Creating a culture of privacy and security is one of the biggest challenges facing healthcare providers today.
2) Privacy and security are best achieved when the overall atmosphere in your office emphasizes confidentiality and of patient information.
Leaders that develop this culture will:
A) Consistently communicate your expectations that all members of your workforce protect patients’ health information
B) Guide your staff to comply with, implement, and enforce your privacy and security policies and procedures
C) Remind staff why keeping health information confidential is so important to patients and your practice in staff meetings or whenever the opportunity to instruct arises.
7 Steps to HIPAA Compliance
Understand the rules – review the regulations and learn about HIPAA
Assign Responsibility – appoint compliance officers
Make a list of your ePHI – identify your information systems
Conduct a Risk Analysis – assess vulnerabilities, prioritize risks, identify security measures
Implement Policies and Procedures – document all policies and procedures, document method to address security policies, select security controls to match policies
Deliver a compliance training program – train all employees and document training, conduct initial and on-going training
Monitor and document ongoing HIPAA progress and compliance – audit, monitor, and test privacy and security programs, integrate privacy complaints and security incidents
6. What to expect
1) Five Most Common Reasons for an Audit
2) Timeline if Audited
3) Creating a Culture of Compliance
4) 7 Steps to HIPAA Compliance
5) How to Conduct a Self Audit
6) Compliance Solutions
12. 5 COMMON CIRCUMSTANCES FOR AN AUDIT
1. Disgruntled ex-employee
2. A self-reported breach
3. Employee activists
4. Patient’s fear of breach
5. Random OCR visit
13. Timeline: Day 1; Day 10; Day 30/90; Dependent on Completion of Fieldwork
14. CREATING A CULTURE OF COMPLIANCE
• Patient-provider relationship
• Training on PHI safeguards
• Easy reference of Policies and Procedures
• Addressing staff
• Re-assessing job functions
15. CREATE A CULTURE OF PRIVACY & SECURITY
• Communicate
• Guide
• Remind
16. 7 STEPS TO HIPAA COMPLIANCE
1. Understand the rules
2. Assign Responsibility
3. List your PHI systems
4. Conduct a Risk Analysis
5. Implement Policies and Procedures
6. Training program
7. Ongoing HIPAA progress and compliance
27. “You must have love in your heart for the people under your leadership.”
John Wooden
28. REMIND
• Educate staff about process
• Make security a high priority
• Have an action plan
• Involve your EHR developer
• Specific to your practice
32. Penalties for HIPAA Violations
Violation Category | Penalty per Violation
Did not know what to do | $100 - $50,000
Reasonable cause | $1,000 - $50,000
Willful neglect, then corrected | $10,000 - $50,000
Willful neglect, not corrected | $50,000
41. Consultation and Support
• Weekly and Monthly Updates
• Quarterly Newsletter
• Phone and E-mail Support
• Quarterly Assessment
42. Customizable Forms
• Notice of Privacy Practices
• Business Associate Agreement
• All HIPAA Privacy
• All HIPAA Security
• Gap/Risk Analysis
• HIPAA HITECH Breach Notification
• All OSHA
• All Medicare
• Employment Law
• RAC
• Posters
43. Customer Testimonial
“Our HIPAA/OSHA compliance was a huge concern in our office, especially after one of our employees filed a complaint with OSHA.
We started using HCSI 4 years ago and couldn't be happier with the program.
It's simple to set up and easier to use.
Do yourself a favor and sign up, it will make your life easier!”
-Dr. Kody Krause, DDS
Comfort Dental Thompson Valley, CO
44. Customer Testimonial
“HCSI kept my fanny out of the hoosegow with a cranky (bit weirdo/psycho) patient who thought we had been naughty in multiple ways.
Our association with you all made the difference. We passed the inspection with flying colors and OCR told the "patient" to bug off!! Loved It!”
-Lee Mecham Thrall, Clinic Administrator
Old Farm Obstetrics & Gynecology, L.L.C