By Jack Anderson
August 18, 2014
Staying HIPAA compliant is a complex process with a lot of moving parts. Your company is constantly changing and evolving: software changes, personnel changes, new services, and many other potential changes. Meanwhile, the HIPAA standards themselves are changing, requiring changes to your policies, procedures, forms, and tasks. As you respond to these changes, documenting the accompanying changes to your HIPAA compliance program is mandatory. A policy and procedure manual sitting on a shelf, or a two-year-old risk assessment or checklist, won’t protect you.
Here is a very possible scenario for you: a regulatory agency or a business partner sends you a survey, or perhaps does a “desk audit” by asking you for certain documents, such as specific policies and procedures or a recent risk assessment. Are you ready today? Will you be ready next week or next month? I always think about the old American Express commercial that featured Karl Malden saying “what would you do, what would you do?” if you had a financial emergency, so I will ask you the same question: what would you do?
We let people download a free HIPAA compliance checklist from our website at www.compliancehelper.com, but we accompany it with a caution that a checklist is not the same as a risk assessment or risk analysis, and that a risk assessment or analysis that is out of date has little value.
Most large healthcare organizations have what is referred to as a GRC (Governance, Risk management, and Compliance) system. For small to medium healthcare organizations, the cost of these six-figure systems is prohibitive. On a smaller scale, a HIPAA compliance system is more manageable and more cost effective.
The HIPAAsure™ system is an example. It provides a set of tasks that walk you through the process of setting up a comprehensive HIPAA privacy and security program while documenting your activities, and it connects you to a HIPAA expert to check your work and answer your questions. Then, on a monthly basis, it gives you a new task list of the activities required to maintain your compliance. Your performance is measured and the results are displayed through the Compliance Meter®. This widget is on your private and secure website provided by Compliance Helper, but it may also be displayed on your marketing website as a sign of your ongoing HIPAA compliance. Internally, you are assured that you are compliant; externally, your business partners are assured of the same.
With services starting at $99 and $29.50 per month, every company in healthcare can afford to get compliant, stay compliant, and prove compliance with the Compliance Meter®.