HIPAA Compliance for Healthcare Professionals

HIPAA compliance: Where do you stand?

The confidential storage, retrieval and decimation of electronic patient records and healthcare information is a critical issue facing today's healthcare professionals. Newer updates and changes to existing laws and regulations have increased the chances of non-compliance, and some healthcare organizations (yours, perhaps?) may be at risk of serious violations without even realizing it.

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to create a set of national standards for the transference of electronic health data. The HIPAA Privacy Rule was established to protect the privacy and security of personal health information, and set limits and conditions on the uses and disclosures of such information without patient authorization.

HIPAA policies and procedures in the real world — what would you do? Learn today with this informative HIPAA training course.

In this seminar, we'll take a fascinating look at the following real-life situations and reveal exactly how they should be handled to remain in compliance with HIPAA guidelines and protect your patients' rights.

• A family member requests patient information regarding a loved one in your care. Who are you required to provide information to in this case? Who must you legally exclude? How do you handle upset or irate family members who are demanding information you legally cannot provide to them?
• Law enforcement personnel have arrived at your facility asking for information on a new patient who is suspected in a crime. What can you provide and what can't you provide according to the law?
• While handling a request from a patient, you realize that information stored on a computer disk has become lost. What should you do next? What are your responsibilities to the patient in question? What are your risks and how can you mitigate these in the future?
• The front desk at your practice is very busy with patients and doesn't have a lot of room for patient privacy. What can you do to increase privacy with limited options?
• A patient's records were left open in view of other patients — what process/procedure has been violated, what are the risks to your organization and how do you correct this situation so that it doesn't happen again?
• You suspect that someone has been able to log into your e-records system — what steps must you immediately take to stop the breach and secure your records?
• Your practice has moved from paper to electronic files — what do you do with all the paper? And, even though you've moved to electronic files, your organization still relies on some paper information. How do you ensure information is properly transferred to the e-files and how long must you retain the paper information?

You may think you've got all your bases covered, but with HIPAA's complex guidelines and newer rules and regulations, it is easy to overlook key issues while accessing, storing and transferring sensitive patient records. This course is designed to help you protect the rights of your patients, while also protecting your practice or facility from non-compliance accusations and complaints.

HIPAA Requirements Overview

• According to HIPAA regulations, who's covered and what does it mean in practice
• Latest updates related to privacy/security and medical records — includes Privacy Rules and Security Rule
• Penalties: What are the "real" penalties you can expect to pay if you violate HIPAA compliance requirements?

Risk Assessment and Safeguards

• HIPAA Compliance Risk Assessment: Could you unknowingly be in violation of HIPAA requirements?
  • How does your organization stack up? Where are your "weakest links" and how can you strengthen them?
  • Tips and tools to help you identify your biggest risk areas — people, policies/procedures, technology, etc.
• Putting safeguards in place: Where to start, how to proceed, how to achieve organizational-wide buy-in of new procedures
  • Administrative practices: How to get your people to revise their actions, change their procedures and get on board with new policies
  • Physical records: How to ensure paper records are stored and accessed securely
  • Technical issues: What are the most common computer and technical security issues you must be aware of?
  • Protect your e-records by limiting access, installing controls and imposing passwords

Policies and Procedures to Ensure Security and Proper Handling of Patient/Medical Records

• What are your current policies and procedures? Where can you improve?
• Proposed changes to procedures: How to get everyone on board regarding electronic access, storage and fulfillment of requests
• Who should have access to records within your organization?
• How to communicate your policies and procedures:
  • Within your organization
  • To patients and patient family members
  • To other entities requesting information
• The difference between patient "consent" and patient "authorization"
• What you can do to simplify the process and implement cost-effective security measures

Records Distribution, Retention and Destruction

• How do you transfer vital information to parties who need access to records, while maintaining strict security according to HIPAA mandates?
  • Patient
  • Other healthcare practices
  • Insurance companies for billing/insurance purposes
  • Medicare/Medicaid implications
• Who is allowed access to the following e-records?
  • Doctor notes
  • Prescription orders
  • Tests/lab results
• Documentation requirements for distribution of records: Are you following these HIPAA procedures?
• Retention of patient records: What are you required to keep, and what are you required to destroy?
• How to dispose of secure documents and ensure that security procedures are in place and enforced
  • How to follow HIPAA's requirements regarding document disposal
  • Strategies for finding the right document destruction service
  • How long must you keep patient records? What happens if you destroy them too soon or hang on to them for too long?