With the Proper Care and Planning, Compliance Doesn't Have to Be Complicated

Achieving compliance with security and privacy mandates like the Health Insurance Portability Accountability Act (HIPAA) is just the beginning. But wait; compliance is absolutely attainable and manageable-if you are vigilant. It helps to think of compliance as an ongoing process that is integral to everything from new-hire training practices to high-level IT decision making.

However, many healthcare providers are mistakenly operating under the assumption that because they meet HIPAA privacy and security rules, now they are in the clear. This false sense of security is furthered by a relative lack of enforcement. HIPAA is currently complaint-driven; just because you haven't had a complaint filed against you, doesn't mean you are properly maintaining compliance.

Be proactive! Use this simple list of questions to determine if your organization is as compliant as it could be:

• Is employee computer access limited by job description?
• Are information-system security and privacy tools, such as password changes and login timeouts, fully utilized?
• Do all new hires receive HIPAA training? Is it documented?
• Are all providers with access to protected health information required to sign a confidentiality agreement that includes individual accountability?
• Have your HIPAA policies and procedures been reviewed?
• Has compliance with them been monitored?
• Is verbal proof of identity required from callers before protected information is provided?

These questions serve as a guide to help you evaluate where you stand. The most effective way to determine your level of compliance is to physically follow the path of a medical record from creation at patient registration through patient discharge.

HealthConnection can help you assess your current situation and offer privacy and security solutions both you and your patient can trust.