By Jack Anderson
April 1, 2014
A HIPAA compliance checklist is a quick way to assess your compliance status. While it is not a replacement for a HIPAA risk assessment it will generally tell you what you need to do and where you need to start. But even a risk assessment is not the best way to measure and demonstrate your on-going HIPAA compliance. HHS has not given anyone the authority to “certifiy” your organization’s HIPAA compliance. Their stated position is that HIPAA compliance is a process not an event. This process is on-going and it is important to know youer status on an on-going basis.
This is why, working with our privacy and security expert, Rebecca Herold, we developed HIPAA compliance metrics. Keeping your policies, procedures, and forms up-to-date is critical as is documentation of your compliance activities. The Compliance Meter(tm) displays the current status of policie, procedures, and forms as well a the performance of compliance activities. This is a useful tool for those charged with HIPAA compliance in an organization as well as their mangement, but even more critically it demonstrates to your business partners and clients that you are compliant on an on-going basis.
The old idea of a “compliance manual” is as out of date as a manual typewriter. Buying a manual and putting it up on your shelf is not HIPAA compliance. A friend of mine sold these manuals and to make sure it was noticed when it arrived he had it shrink wrapped in bright pink plastic. Update pages were shipped wrapped in bright yellow plastic but intended to replace the corresponding pages in the manual. He told me that if he actually visited any of his clients he invariablly would encounter the manual, still in it’s original pink shrink wrap with the yellow shrink wrapped pages neatly stack on top. If a business partner, auditor. or client ever saw this they would immediately know that the organization was not only not compliant, but guilty of willful neglect.
The 21st century approach to this is an on-line service offering templates of policies, procedures, and forms to be edited by the organization under the supervision of a privacy and security expert, monthly lists of compliance tasks that need to be accomplished, updates of policies, procedures, and forms as needed, and the Compliance Meter (tm) keeping track of all of this.
Download the HIPAA Compliance Checklist, figure out whether you need our help, watch our videos, and then sign up. If you have questions contact me at jack@compliancehelper.com or on my cell phone at 707-217-8864.