2019 has officially started, and you need a HIPAA plan that keeps you in compliance and keeps your patients and employees protected. Here are FIVE resolutions you need to KEEP in 2019:
(1) Perform a HIPAA Gap Analysis
A Gap Analysis, also called a Security Assessment or Risk Assessment, is required annually by the HIPAA law. And, the Office of Civil Rights under HHS, the entity responsible for enforcement of HIPAA, has made completion of the Risk Assessment a key requirement for all covered entities and business associates. Templates are available to guide your efforts, some free, some at a cost. Be sure that you follow the NIST requirements to ensure full HIPAA compliance.
(2) Set SMART Goals
The benefit of doing a Risk Assessment or Gap Analysis early in the year is that the results provide you with a roadmap to strengthen your compliance. By reviewing your current policies and procedures and results, your goals for this year will be clear. Be sure to set them using the SMART approach. Make the goals SMART by being sure they are Specific, Measurable, Achievable, Relevant and Time Bound. SMART goals are shown to be met more consistently. What gets measured, gets done…so by setting SMART goals you help ensure success.
(3) Train Your Staff
The HIPAA law requires initial and on-going training of all employees who handle or may have access to protected health information (PHI). Be sure that you train your staff this year and maintain an audit trail for that training. Being able to demonstrate that training was completed is important should a violation occur or if you are chosen for audit.
(4) Organize and Maintain Needed Documentation
HIPAA requires a plethora of documents to ensure compliance. Over 20 specific policies and procedures are needed to comply with HIPAA. Then, a Business Associate Agreement is required for each vendor you deal with who may have access to PHI. Audit trails of training, policy review, password maintenance and various other required processes are needed to keep your practice or entity safe from penalties and in a position to provide security for your patients and employees. Be sure that you have a good way to retain and revise these documents, and be sure you communicate this to staff so there is a clear understanding of how you maintain HIPAA compliance for your organization.
(5) Provide On-Going Training Throughout the Year
Keep HIPAA at the forefront for your staff this year. Provide updates when policies or procedures change or as you review them and keep them as is. Let staff know where to find the policies and procedures. Be sure EVERYONE knows who the HIPAA Officer is and how to contact them should a need arise. You would be amazed at how many front desk receptionists do not know who the HIPAA Officer is – this is NOT good. Be sure all your staff knows the answer to that question. Use breaches as learning exercises in your team meetings.
We will be providing information in future posts to help with on-going training. The Discovering HIPAA Vault™ was developed to support you in meeting your HIPAA goals. Visit us TODAY at www.discoveringhipaa.com.