Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has greatly affected the medical and insurance industry. It laid down standards for health providers, plans and clearinghouses that holds them legally responsible for keeping medical information private regarding their customers. No longer can an idle worker at a hospital or health plan organization leak medical information on a patient without putting their employer in jeopardy. The consequences include heavy fines and possibly jail time. For this reason, it's truly important that your office be HIPAA compliant. Below is a simple HIPAA checklist - six ways to get your office in order in regards to this act.
1. Appoint an HIPAA officer.
An HIPAA officer's job is to help educate and enforce HIPAA compliance in your office. He (or she) should understand this law thoroughly and be able to translate it. Also, your HIPAA officer should be fully prepared to handle any mishaps.
2. Set safety guards to enforce HIPAA.
Put safety guards in place to protect the privacy of your customer's medical information. They should aide employees in avoiding the accidental release of medical information to unauthorized parties. Here are a few common practices:
- Locked (unattended) medical cabinets and desk drawers
- Locked (unattended) computer screens
- Computer passwords that are employee specific
- Overturned or enclosed medical documents on (unattended) desks
- Required fax covers with privacy statements on them
- Protected e-mail portals
- Secure offices in which only badge-wearing employees can enter
- Secure computer backup systems
- Secure disposal of medical information through shredding
- No office entry rules for visitors
3. Educate your employees on HIPAA.
Hold annual meetings to educate and re-educate your employees on what HIPAA is and what needs to be done to be compliant. Afterwards, test them. Make sure they know what you know so no one can claim ignorance in the event he or she breaks the law.
4. Educate your business associates.
If a business associate has access to the medical information in your office, they too should be HIPAA compliant. As a result, they must understand the rules of doing business with you and the HIPAA act. Otherwise, they can put you in legal and financial jeopardy. Therefore, require that they also do an annual review and testing regarding HIPAA.
5. Give consequences to HIPAA offenders.
Sadly, some employees will never follow HIPAA. Either their scruples or inability to focus won't allow them to do the right thing. As a result, the HIPAA Officer and Human Resources Officer needs to write up a disciplinarian action for people like this that leads to them losing their job. This will send a message to everyone in your office that complying with HIPAA is important.
6. Create an office motto about HIPAA.
Create an office motto that employees can think of quickly when handling private medical information. A popular one is 'give out only what is minimally necessary.' This lets the employees know that they should not release details about a customer's medical information to anyone and if it's okay to do, it should be done with discretion.
In conclusion, the above is a simple HIPAA checklist; it's six ways to make your office HIPAA complaint. Use these tips and increase the success of your employees in avoiding HIPAA violations. For more information on HIPAA, visit the website or contact a representative of Allpoint Compliance