BAs and subcontractors need to take a closer look at compliance
HIM-HIPAA Insider, January 18, 2016
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
The best way to begin, according to Ben Burton, JD, MBA, RHIA, CHP, CHC, CRC, a consultant for First Class Solutions, Inc., in St. Louis, is with an assessment of your organization's entire body of policies and procedures, keeping in mind your organization's resources. Are your policies practical? Are they realistic? Should they be updated or modified to reflect changes in technology, business models, or laws? And, most importantly, are they being followed?
"One of the things I think that most organizations, even pre-HITECH or post-HITECH, is they view that a policy is enough to check the boxes enough for them, but they have to have a policy and then they have to follow up on it," Burton says. "The auditors that are going to come in, or they're going to step up their HIPAA audits again, are going to look and say, 'Great, you have a policy—now what are you doing?' "
A policy is only worth something if it's being followed. That means the privacy and security officer also has to be an educator. Providing the minimum amount of training isn't enough, Burton says. Many of the recent major breaches have been caused by phishing and social engineering emails, in which employees have essentially, although unknowingly, handed over access to PHI to hackers. "If you have the best security in the world, but you let a hacker in your front door, there's nothing you can do about it," Burton says.
This article was originally published in Briefings on HIPAA. Subscribers can access the full article in the January 2016 issue.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- CMS seeks comment on quality measures
- Practice the six rights of medication administration
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- ICD-10-CM coma, stroke codes require more specific documentation
- Nursing responsibilities for managing pain
- OB services: Coding inside and outside of the package
- Q&A: Primary, principal, and secondary diagnoses
- Clearing up the confusion: CPT codes 76376 and 76377
- CMS creates web portal for questions about 1135 waivers, PHE
- E-mailed
-
- Coronavirus vaccination: 4 best practices for communicating with patients
- Grievances, Complaints, and Patients’ Rights
- Including 46600 in E/M leveling systems
- How to get reimbursed for restorative nursing
- Five keys to creating a CHF disease management program
- Fetal non-stress tests represent important part of maternal and fetal health
- Coding, billing, and documentation tips for teaching physicians, interns, residents, and students
- Coding tip: Know how to correctly code each procedure an otolaryngologist can perform on turbinates
- Coding Clinic reiterates guidelines for provider documentation
- CMS creates web portal for questions about 1135 waivers, PHE
- Searched