By Jack Anderson
March 3, 2016
HIPAA rules cover a broad spectrum of issues, but they cluster around three main areas: risk assessment, policies, and training. If you can prove that you do “periodic risk assessments”, routinely update your policies, and train your staff, you are in HIPAA compliance. When getting started on HIPAA compliance there are two important HHS philosophies to understand: Reasonable and Appropriate, and Progress not Perfection.
Reasonable and Appropriate is recognition by HHS that one size does not fit all. While both a sole proprietor taking health insurance applications or a transcriptionist and a large hospital are required to be HIPAA compliant, many things that apply to a hospital do not apply to the solo independent healthcare worker. Make sure that you start with a program that is specifically designed for the size and complexity of your organization.
Progress not Perfection is recognition that no organization is totally HIPAA compliant at all times; there are too many moving parts. What they want to see is that you have a plan, that you are executing on this plan, and that you are documenting your activities. Supervision and advice from a HIPAA expert adds further validity to the process.
Here is our plan for getting an organization with 20 employees or fewer into initial HIPAA compliance in a few days.
- Determine size and complexity of the organization
- Eliminate unnecessary requirements
- Do an automated risk assessment
- Have them edit an initial set of policy templates under the supervision of a HIPAA expert
- Schedule staff for security awareness training
- Do a follow-up risk assessment
Initial HIPAA Compliance!
Cost: $99-$395 depending on size and complexity of organization
Staying HIPAA compliant will be my topic for tomorrow’s blog. In the interim, take a look at Jumpstart and the Free HIPAA Risk Assessment at www.compliancehelper.com