Help Me With HIPAA artwork

Episode 16: Seven Steps for Nurturing a Culture of Compliance

Help Me With HIPAA

English - August 28, 2015 10:30 - 36 minutes - 49.8 MB - ★★★★★ - 61 ratings
Business Technology hipaa businessassociate coveredentity privacy security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Episode 15: It's not just about HIPAA anymore
Next Episode: Episode 17: Compliance Management with ComplyAssistant

Culture of compliance is the phrase OCR uses when defining what they are looking for in an audit or investigation. They also use the phrase robust compliance program in the same manner. Using these steps is a great way to make sure your organization is following their lead.


Links

ComplyAssistant Compliance Management Solution 


Spher EHR Access Monitoring Solution


FindHealthcareIT


HIPAAforMSPS.com


Kardon Compliance


Notes

7 steps to improving your Privacy & Security policies and procedures and nurturing a Culture of Compliance:

Designate a Compliance (Privacy & Security) Officer
First, the law requires you do this. But, if no one is in charge then nothing will happen, we all know that to be the case. Or, in a vacuum of leadership someone else will take charge and handle things the way they think they should be done without the support of management. 

Train and educate your staff and BA partners
Constantly restating the same information over and over in a variety of ways may be annoying to some but that means they have heard it! Also, don't forget to work with your BA partners to confirm they actually understand what HIPAA compliance requires in their organizations.

Implement an ongoing Compliance maintenance solution
This is what we talk about using tools such as ComplyAssistantSpher, and professional MSP monitoring and management applications. Either use the tools or develop manual internal controls and processes to accomplish those same documentation and audit tasks on a regular basis. 

Conduct regular and complete audits and monitoring of all ePHI systems If you are ignoring it then so will everyone else in your organization.

Monitor and respond to Incidents in a timely manner (State & Federal regulations)
We all freak out together as soon as we know something could havehappened to our PHI.

Adhere to a strict breach remediation protocol
Define your breach plan and use it every time. After any case that it was used, then review it to make sure you don't need to change or add things in the plan.

Create a open line of communication for management and staff
The law requires you to never retaliate towards any person who files a complaint or reports a problem including a breach. If you don't make it clear that you fully support that rule and all workforce members are free to ask any question, file any complaint, and report any concern then you will likely be missing things just because someone was afraid to tell.