• E-mail
• Print
• RSS

Make networking, monitoring part of your ongoing compliance efforts

HIM Connection, May 9, 2006

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

Make networking, monitoring part of your ongoing compliance efforts

Privacy officials and compliance officers who believed they could rest on their laurels once the final enforcement rule's compliance date of March 16, 2006 passed are in for a rude awakening. They must address even more concerns now than three years ago.

"Some people said HIPAA [Health Insurance Portability and Accountability Act] would be over now," says Debra Mikels, corporate manager for confidentiality at Partners Health Care System, Inc., in Wellesley Hills, MA. "But it's never over. And now there's so much going on regionally and nationally regarding the sharing of electronic health information. It's HIPAA-plus."

Your organization shouldn't wait for a major privacy breach to learn that your compliance efforts are lacking. Instead, make compliance an ongoing effort, by updating and improving your practices.

"Initially, when organizations were first approaching HIPAA's compliance deadlines, privacy officials and compliance officers focused on getting their policies, procedures, and training in order," explains Frank Ruelas, MBA, compliance officer at Gila River Health Care Corporation in Sacaton, AZ. "Now they may have more time to focus on other, more reactive efforts."

Those efforts should include sharing ideas with others and regularly monitoring compliance.

Get help from others
The best way to identify your compliance programs' strengths and weaknesses as well as solutions to common problems is to network with others. For example, compare notes with department managers, other leaders in your organization, and privacy officials working for other organizations.

Put HIPAA concerns on the agendas for departmental meetings, says Ruelas. "Do it at least quarterly. I do it bimonthly," he says. Prioritize based on the departments' interaction with patients.

For example, start with registration, HIM, or medical staff. Discuss matters such as compliance challenges, shortfalls in training, and common patient questions.

Network with at least two other privacy officials-preferably one working for a similar organization and another whose compliance program you admire. Meet for lunch, have a weekly call, or e-mail each other with ideas, says Ruelas.

"They're people to bounce ideas off of. It's been extremely beneficial to me." To find these privacy officials, look toward professional associations, but nothing beats just picking up the phone, he says.

Editor's Note: This article was adapted from the newsletter Briefings on HIPAA published by HCPro, Inc.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive