HIPAA compliance: Where do you stand?
The confidential storage, retrieval and dissemination of electronic patient records and healthcare information is a critical issue facing today's healthcare professionals. Newer updates and changes to existing laws and regulations have increased the chances of non-compliance, and some healthcare organizations (yours, perhaps?) may be at risk of serious violations without even realizing it.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to create a set of national standards for the transfer of electronic health data. The HIPAA Privacy Rule was established to protect the privacy and security of personal health information, and to set limits and conditions on the uses and disclosures of such information without patient authorization.
HIPAA Requirements Overview
- According to HIPAA regulations, who's covered and what does it mean in practice
- Latest updates related to privacy/security and medical records, including the Privacy Rule and the Security Rule
- Penalties: What are the "real" penalties you can expect to pay if you violate HIPAA compliance requirements?
Risk Assessment and Safeguards
- HIPAA Compliance Risk Assessment: Could you unknowingly be in violation of HIPAA requirements?
- How does your organization stack up? Where are your "weakest links" and how can you strengthen them?
- Tips and tools to help you identify your biggest risk areas — people, policies/procedures, technology, etc.
- Putting safeguards in place: Where to start, how to proceed, how to achieve organization-wide buy-in of new procedures
- Administrative practices: How to get your people to revise their actions, change their procedures and get on board with new policies
- Physical records: How to ensure paper records are stored and accessed securely
- Technical issues: What are the most common computer and technical security issues you must be aware of?
- Protect your e-records by limiting access, installing controls and imposing passwords
Policies and Procedures to Ensure Security and Proper Handling of Patient/Medical Records
- What are your current policies and procedures? Where can you improve?
- Proposed changes to procedures: How to get everyone on board regarding electronic access, storage and fulfillment of requests
- Who should have access to records within your organization?
- How to communicate your policies and procedures:
  - Within your organization
  - To patients and patient family members
  - To other entities requesting information
- The difference between patient "consent" and patient "authorization"
- What you can do to simplify the process and implement cost-effective security measures
Records Distribution, Retention and Destruction
- How do you transfer vital information to parties who need access to records, while maintaining strict security according to HIPAA mandates?
  - Other healthcare practices
  - Insurance companies for billing/insurance purposes
  - Medicare/Medicaid implications
- Who is allowed access to the following e-records?
  - Doctor notes
  - Prescription orders
  - Tests/lab results
- Documentation requirements for distribution of records: Are you following these HIPAA procedures?
- Retention of patient records: What are you required to keep, and what are you required to destroy?
- How to dispose of secure documents and ensure that security procedures are in place and enforced
- How to follow HIPAA's requirements regarding document disposal
- Strategies for finding the right document destruction service
- How long must you keep patient records? What happens if you destroy them too soon or hang on to them for too long?