Corporate Compliance

Tip: Simple, affordable efforts make small providers HIPAA-ready

Compliance Monitor, March 23, 2005

With the HIPAA security rule deadline only a month away, you need to pick up your compliance efforts a notch. Regardless of your size, all covered entities must be ready by April 20.

This is easier said than done for small organizations, where the extent of work necessary to comply with HIPAA security may seem overwhelming. But being ready doesn't necessarily require emptying your organization's bank account or moving into panic mode.

Even mom-and-pop providers with only a few full-time employees can be ready by April by using the following easy, inexpensive tips to kick compliance efforts into high gear:

Divide HIPAA tasks among employees. As a small organization, your employees may already do double duty and understandably, you may not want to burden them with additional tasks.

Most of the required security measures are common-sense business practices, therefore, assessing your security-readiness and making efforts toward HIPAA compliance shouldn't take long.

Once you know what you must do to prepare for the upcoming deadline, divide the responsibilities among your employees. This move decreases the chances of overburdening them and increases the likelihood that the work will actually get accomplished.

Use available resources. With such a detailed rule, it's understandable to feel anxious about complying with all its components, especially in small organizations where a few people each wear many different hats.

Review your current security measures. You may discover that you already have many of the recommended security safeguards in place and have less work to do than you thought. Most of the requirements cover computer security. For example, HIPAA requires such measures as data encryption, firewalls, virus protection software, and spyware protection. In most cases, when you first installed your computer networks, you also installed many of these security features.

Editor's note: Adapted from "Simple, affordable efforts make small providers HIPAA-ready," Briefings on HIPAA, February 2005.

Most Popular