
Consult This HIPAA Checklist Every Quarter to Stay Compliant


When the HIPAA privacy laws first went into effect, medical practices were vigilant—but that hasn’t necessarily been the case recently. Some practices have relaxed their HIPAA compliance, and that’s a mistake. The government is still coming after violators, and has imposed more than $133 million in HIPAA settlements and penalties as of Sept. 30, 2022. To ensure you don’t end up facing massive fines, your best bet is to create daily, weekly and quarterly HIPAA checklists where you confirm that you’re staying HIPAA compliant.

As a good first step, check out the following four HIPAA checklist items you should tackle at least once every quarter. In future columns, Healthcare Training Leader will also share daily, weekly and ongoing HIPAA checklists to help you stay on top of every opportunity to stay compliant.

  1. Provide Guidance on Policies, Procedures

Creating a HIPAA plan is not a “set it and forget it” type of responsibility. Instead, you must periodically identify policies and procedures that should be worked into your privacy plan. That’s why it’s a good idea to sit down with practice management and administration (as well as legal counsel, if applicable) at least once per quarter to write down any new policies and procedures.

Make sure you outline the new information in plain English and share it with your entire staff so everyone has a copy of the latest information. Have everyone sign a document indicating they understand the latest updates and they’re poised for implementation — but don’t stop there…

  2. Perform Privacy Training

It’s not enough to make sure everyone on your staff signs off on a statement saying they understand you’ve implemented new privacy practices. You should also perform privacy training on a quarterly basis (if not more frequently) to go over the changes, and to provide refreshers on existing HIPAA policies.

This is helpful for new employees and for people who don’t have firsthand exposure to the latest updates, but it’s also a good practice for the entire staff to go over policies they may need a refresher on. It’s also a good time to point out any HIPAA errors you’ve seen occur in your practice. You don’t want to name names at the training, but you can say, “Last week, I found two patient charts sitting in the hallway, where anyone could have opened them and read them, and that’s a HIPAA violation….”

By sharing common errors you’ve seen at your practice (along with best practices on avoiding such errors), your staff will be in a good position to maintain HIPAA compliance throughout the year.

  3. Check Your Forms

When you update your policies and procedures, your HIPAA forms may become out of date, so you should review them at least quarterly and make any updates as needed. This applies not just to your Notice of Privacy Practices and other patient-facing forms, but also to your internal guidelines.

If you do revise any patient-facing HIPAA forms, you’ll need patients to sign the new documentation when they come to your practice again. Provide them with a copy of the new policy and get a signature and date acknowledging that they reviewed and understand the information on the forms.

  4. Check With Vendors

Your HIPAA policies extend to your vendors and business associates, so you should also confirm that these individuals are working in accordance with your privacy practices, particularly if you’ve updated those guidelines recently.

At least once per quarter, participate in development, implementation, ongoing compliance and monitoring of all vendor partners and business associates to ensure all privacy concerns, requirements and responsibilities are addressed. You may need to work directly with their privacy officers to do this, but you must ensure that they’re working to keep your patients’ data safe and secure.

Want more HIPAA advice? Check out the online training session, “Comply With HIPAA Compliance Officer Practice Mandates.” During this 60-minute webinar, privacy expert Jay Hodes will walk you through every aspect of HIPAA compliance so you leave nothing to chance.

