Health Information Management

BAs and subcontractors need to take a closer look at compliance

HIM-HIPAA Insider, January 18, 2016

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The best way to begin, according to Ben Burton, JD, MBA, RHIA, CHP, CHC, CRC, a consultant for First Class Solutions, Inc., in St. Louis, is with an assessment of your organization's entire body of policies and procedures, keeping in mind your organization's resources. Are your policies practical? Are they realistic? Should they be updated or modified to reflect changes in technology, business models, or laws? And, most importantly, are they being followed?

"One of the things I think that most organizations, even pre-HITECH or post-HITECH, is they view that a policy is enough to check the boxes enough for them, but they have to have a policy and then they have to follow up on it," Burton says. "The auditors that are going to come in, or they're going to step up their HIPAA audits again, are going to look and say, 'Great, you have a policy—now what are you doing?' "

A policy is only worth something if it's being followed. That means the privacy and security officer also has to be an educator. Providing the minimum amount of training isn't enough, Burton says. Many of the recent major breaches have been caused by phishing and social engineering emails, in which employees have essentially, although unknowingly, handed over access to PHI to hackers. "If you have the best security in the world, but you let a hacker in your front door, there's nothing you can do about it," Burton says.

This article was originally published in Briefings on HIPAA. Subscribers can access the full article in the January 2016 issue.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular