• E-mail
• Print
• RSS

Documentation tips for HIPAA security - make it clear

Staff Development Weekly: Insight on Evidence-Based Practice in Education, January 9, 2004

Want to receive articles like this one in your inbox? Subscribe to Staff Development Weekly: Insight on Evidence-Based Practice in Education!

Here are some general policy and procedure compliance tips for the HIPAA security rule that you and your employees should keep in mind, according to Kate Borten, CISSP, founder of The Marblehead Group, Inc., a national security and privacy consulting firm for health care based in Marblehead, MA. Besides being required by the HIPAA rule, documentation has true value in assessing processes and educating staff. First, if you are required to document, you are forced to review the processes you follow for the HIPAA security rule. This helps you uncover gaps and inconsistencies. Second, documentation helps ensure that everyone understands the organization's expectations. Third, it also helps ensure consistency. Finally, clear and current policies and procedures provide an invaluable training tool for new employees. If you work for a smaller unit, office, or facility, it is acceptable under HIPAA to write "standard operating procedures" instead of spelling out formal policies. The important items are the content and the fact that the policy is in writing and followed by your work force. Larger, more complex organizations should separate policies from procedures. That allows different procedures in different parts of the organization to support the same HIPAA-related policy. Also, policies should be able to withstand the test of time with periodic (e.g., annual) review.

For more details on these HIPAA compliance tips, go to PPS Alert for Inpatient Rehab, click here

Back to top

Want to receive articles like this one in your inbox? Subscribe to Staff Development Weekly: Insight on Evidence-Based Practice in Education!

• E-mail to a Colleague
• Print
• RSS
• Archive