HIPAA Compliance Program & Consulting Services
Did you know...
HIPAA enforcement isn’t just a scare tactic anymore. The “HIPAA police” are here and they mean business, potentially your business! Can your pharmacy afford not to be in compliance this year? Noncompliance could mean a fine of up to $1.5 million! Jeff Hedges, The HIPAA Guy®, and his team provide a turnkey, easy-to-follow HIPAA Compliance Manual and Program for you and your facility that exceeds federal HIPAA statutes and Medicare Accreditation (Quality) Standards.
Three years ago, our facility experienced a significant HIPAA breach when electronics were stolen during a robbery. Subsequently, a full HIPAA compliant response was made and then reported to the Office of Civil Rights (OCR). Once the response was completed, the event documentation was filed and the incident was forgotten. Two years later, we were surprised to receive notice from the Office of Civil Rights requesting a full review of our remediation activities. This notice created immediate anxiety, but fortunately we had just subscribed to the HIPAA Compliance program with RJ Hedges & Associates. The OCR investigation dragged on for 12 months with one inquiry leading to another. RJ Hedges helped us through the lengthy and stressful OCR inquiry and put us at ease with their professionalism and expertise. Happily, the case was recently closed with a full approval by OCR of the measures applied and documentation thereof.
With full transparency, I can say it has been a pleasure working with Jeff Hedges and his team. Based on my experience and the value received, I heartily recommend RJ Hedges & Associates for your regulatory compliance needs.
Common HIPAA Compliance Questions
- What are the most requested HIPAA items during an audit from HHS or OCR?
- How can I prevent a HIPAA security breach?
- My drug wholesaler/franchise provides us with trainings and policies & procedures. Does that cover me for HIPAA?
- Who needs to have a HIPAA Compliance Program in place?
Here are some items being requested during audits from the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR):
- Notice of Privacy Practices
- Disaster Recovery (Contingency) Plan
- Risk Analysis
- Risk Management Plan
- Random selection of policies and procedures
- Annual Privacy Assessments
- Annual Security Assessments
Want to learn more about these documents? Click here to read our post HIPAA Enforcement has started: 4 documents you need to have now!
We have seen a sharp increase in HIPAA breaches. Below is a list of items to check to ensure you are not exposed:
- Computer systems are password protected with an 8-character password (upper case letter, lower case letter, number and a symbol)
- Computers and laptops are encrypted
- Remote fax servers are password protected and encrypted
- Building is secured with a double locking system
- Security cameras are installed and working
Most HIPAA materials provided by your drug wholesaler/franchise are templates or generic policies and procedures. These documents are not customized to your facility, which means your facility will likely need to spend many hours completing them on your own. Doing so can be risky if you are unaware of the specific rules and regulations or the support documents needed to be 100% compliant. Compliance documents that are heavily specific to your facility include your Disaster Recovery Plan, Risk Analysis, Risk Management Plan, and all the Business Associate Agreements between your facility and your business associates.
While these are some of the most common HIPAA documents specific to your facility, there are over 70 policies and procedures customized for your facility within our R.J. Hedges HIPAA program, plus an additional 70+ support documents. Because every facility is different and has its own unique needs, these documents must be customized, maintained and updated to be 100% compliant.
Any business in the healthcare industry that interacts with patient information needs to comply with HIPAA requirements. HIPAA compliance impacts not only your healthcare facility but your vendors as well. Any person or company who has access to patient information outside of your facility, also known as a Business Associate, must also comply with HIPAA requirements.
Our compliance strategists would be happy to schedule an appointment to discuss any other HIPAA compliance questions. They can also provide recommendations on compliance solutions you may already have access to.
WHAT SETS US APART FROM THE COMPETITION?