BAs and subcontractors need to take a closer look at compliance
HIM-HIPAA Insider, January 18, 2016
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
The best way to begin, according to Ben Burton, JD, MBA, RHIA, CHP, CHC, CRC, a consultant for First Class Solutions, Inc., in St. Louis, is with an assessment of your organization's entire body of policies and procedures, keeping in mind your organization's resources. Are your policies practical? Are they realistic? Should they be updated or modified to reflect changes in technology, business models, or laws? And, most importantly, are they being followed?
"One of the things I think that most organizations, even pre-HITECH or post-HITECH, is they view that a policy is enough to check the boxes enough for them, but they have to have a policy and then they have to follow up on it," Burton says. "The auditors that are going to come in, or they're going to step up their HIPAA audits again, are going to look and say, 'Great, you have a policy—now what are you doing?' "
A policy is only worth something if it's being followed. That means the privacy and security officer also has to be an educator. Providing the minimum amount of training isn't enough, Burton says. Many of the recent major breaches have been caused by phishing and social engineering emails, in which employees have essentially, although unknowingly, handed over access to PHI to hackers. "If you have the best security in the world, but you let a hacker in your front door, there's nothing you can do about it," Burton says.
This article was originally published in Briefings on HIPAA. Subscribers can access the full article in the January 2016 issue.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- The consequences of an incomplete medical record
- Practice the six rights of medication administration
- Nursing responsibilities for managing pain
- Note similarities and differences between HCPCS, CPT® codes
- Complications from immobility by body system
- Q&A: Primary, principal, and secondary diagnoses
- Skills of effective case managers
- Prevent dehydration with nursing interventions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Correctly bill ancillary bedside procedures in addition to the room rate
- The Cincinnati Pre-Hospital Stroke Scale
- Q: Will Medicare cover homecare services to residents of assisted living facilities (ALFs)?
- Q/A: Coding infusions to correct low potassium levels
- Q&A: Utilization Review Committee Membership
- OB services: Coding inside and outside of the package
- Know the medical gas cylinder storage requirements
- Intravenous therapy guidelines
- ICD-10-CM coma, stroke codes require more specific documentation
- Eight tips to improve MRI throughput
- Searched
-
- cold weather preparedness in hospital
- 99285 and 99285 with modifier 25
- Nursing home administrator
- 72 hour supervised fasting
- 5.If the ICD10CM replaces ICD9CM Volumes 1 and
- anesthesia code for 45331
- Dynaper
- evidencebased competency management INVALIDem
- How to prevent hospitalacquired pressure ulcersinj
- INFECTION CONTROL