Monday 4 April 2016

What are The Main Difference Between HIPAA Privacy Policies and Security Policies?

If you find yourself searching the web for "HIPPA Policies", you have probably not been paying attention in your annual HIPAA training, where you would have learned that HIPAA is spelled with one P and two A's. You may also not know that the HIPAA regulation contains both a Privacy Rule and a Security Rule. Each rule requires covered entities and business associates to create policies and procedures and to implement them in order to demonstrate compliance.
To comply with HIPAA, one has to understand the difference between HIPAA Privacy Policies and Security Policies. The following are some of the documents required under the Privacy Rule; in practice, close to 50 documents are needed to address its requirements.

Authorization for Release of Protected Health Information, Authorization to Use and Disclose Protected Health Information, Business Associate Agreement, De-identified Information and Limited Data Sets, Employee Confidentiality Agreement, Notice of Privacy Practices, Patient Right to Access PHI, Document Retention Requirements, Release for Law Enforcement, Release for Workers' Compensation, and many more.
The HIPAA Security Rule has more elaborate requirements, divided into three subsections: administrative, physical and technical safeguards. Around 30 documents are required under the administrative safeguards, including a Breach Notification Policy, Sanction Policy, Workforce Security, Termination Procedures, Access Authorization, Security Awareness and Training, Password Management, Contingency Plan, Data Backup Plan, Applications and Data Criticality Analysis, and many more.
Around 12 documents are required under the physical safeguards, including Facility Access Controls, Facility Security Plan, Contingency Operations, Mobile Device Policy, Disposal, and many more.
Around 10 documents are required under the technical safeguards, including Unique User Identification, Emergency Access Procedure, Access Control, Encryption and Decryption, and Audit Controls.
The first step toward HIPAA compliance is to train your HIPAA privacy/compliance officer through the comprehensive Certified HIPAA Privacy Security Expert (CHPSE) course. The 24-hour CHPSE training ensures that the person responsible for your HIPAA compliance has the right level of knowledge to make the company HIPAA compliant. Training makes it easier to understand the difference between the HIPAA Privacy Policy and Security Policy requirements and how to achieve compliance with each.
Many of the fines and penalties imposed by the Office for Civil Rights (OCR), which is responsible for enforcing the HIPAA regulation, could have been avoided if companies had trained their employees to the right level and had created and implemented HIPAA policies. To jump-start the creation of your HIPAA privacy and security policies and procedures, you can buy templates. Make sure that the policies are updated for the HITECH Act and the Omnibus Rule and are in editable MS Word format so you can make changes as needed. Using templates can save thousands of dollars in labor hours, which can instead be spent customizing the policies to your organization.
After creating your HIPAA policies, it is important that they are actually implemented at your location so you meet the requirements of both rules.
