Here are some items being requested during audits from Health Human Services and the Office for Civil Rights:
Want to learn more about these documents? Click here to read our post HIPAA Enforcement has started: 4 documents you need to have now!
Most HIPAA materials provided by your drug wholesaler/franchise are templates or generic policies and procedures. These documents are not customized to your facility which means your facility will likely need to spend many hours completing these documents on your own. Doing so can be risky if you are unaware of the specific rules and regulations or support documents needed to be 100% compliant. Certain compliance documents that are heavily specific to your facility are your Disaster Recovery Plan, Risk Analysis, Risk Management Plan, and all the Business Associate Agreements between your facility and your business associates.
While these are some of the most common HIPAA documents specific to your facility, there are over 70 policies and procedures customized for your facility within our R.J. Hedges HIPAA program plus an additional 70+ support documents. Because every facility is different and has it’s own unique needs, these documents must be customized, maintained and updated to be 100% compliant.
We have seen a sharp increase with HIPAA breaches. Below is a list of items to check to ensure you are not exposed:
Any business in the healthcare industry that interacts with patient information needs to comply with HIPAA requirements. HIPAA compliance impacts not only your healthcare facility but your vendors as well. Any person or company who has access to patient information outside of your facility, also known as a Business Associates, must also comply with HIPAA requirements.
Our compliance strategists would be happy to schedule an appointment to discuss any other HIPAA compliance questions. They can also provide recommendations on compliance solutions you may already have access to. Click below to sign up and schedule a 1-on-1 session.
Three years ago, our facility experienced a significant HIPAA breach when electronics were stolen during a robbery. Subsequently, a full HIPAA compliant response was made and then reported to the Office of Civil Rights (OCR). Once the response was completed, the event documentation was filed and the incident was forgotten. Two years later, we were surprised to receive notice from the Office of Civil Rights requesting a full review of our remediation activities. This notice created immediate anxiety, but fortunately we had just subscribed to the HIPAA Compliance program with RJ Hedges & Associates. The OCR investigation dragged on for 12 months with one inquiry leading to another. RJ Hedges helped us through the lengthy and stressful OCR inquiry and put us at ease with their professionalism and expertise. Happily, the case was recently closed with a full approval by OCR of the measures applied and documentation thereof.
With full transparency, I can say it has been a pleasure working with Jeff Hedges and his team. Based on my experience and the value received, I heartily recommend RJ Hedges & Associates for your regulatory compliance needs.
Scott P Michigan[fa icon="quote-right"]