Once a clinic has established a HIPAA program it is important to maintain compliance in the clinic. As the threat landscape to patient data expands the importance of identifying vulnerabilities and addressing them is vital. With this in mind, we highly recommend that each practice develop a pattern of monthly meetings to discuss HIPAA concerns or to pass along friendly reminders. This can be a simple 5-10 minutes a month. By having all team members 'thinking' about HIPAA, it lightens the load for the Compliance Officer and builds a compliant culture in the clinic. Everyone should be a team player in safeguarding Protected Health Information (PHI). Sometimes though before a clinic strengthens their HIPAA compliance program through additional training they may want to to stop and assess their current status.
Evaluating HIPAA Health
Sometimes we think we got our ducks in a row only to find out the hard way that we don't even have ducks. At KMC University we never want to see a clinic lose all they worked hard for because of a compliance related violation. As time passes, even an established HIPAA program can get lost in the shuffle of staff changes and other priorities. For those who may have placed HIPAA on the back burner, we recommend the module Evaluate Your HIPAA Compliance Programmodule. It is designed to help a provider truly assess his/her current HIPAA compliance status by learning what is required and seeing how a clinic may look through the eyes of the Office of Civil Rights (OCR)—the enforcement body of the Department of Health and Human Services (HHS). Even if a provider feels s/he has a HIPAA program in place, we highly recommend a review of this course for a quick check on his/her clinic’s HIPAA health. Protecting patient information is a provider’s moral and legal responsibility.
Yearly Training
In addition to monthly reminders, we highly recommend a formal yearly training that includes documentation of completion for each workforce member, including the physicians, and/or owners. In this course you will find a module titled HIPAA Refresher Training. This is designed to provide a quick overview of key components of HIPAA compliance and tips for safeguarding patient information. Keep in mind, due to threats and vulnerabilities and the fact that human error is the biggest risk, we highly recommend additional training in security. This is available through KMC University's collaboration with Easy Tech Compliance.
What you will learn in this course
At KMC University we like to develop resources on hot topics and in this case areas in which most providers get into hot water. This course not only provides an evaluation module, refresher training, but also training on the rights of the patient, as it pertains to Right of Access and the Information Blocking Rule. The patient's HIPAA rights is an area that deserves extra attention, even if you have an established HIPAA program. As HITECH, ONC and HHS broaden their regulations and expectations, we will continue to provide additional modules to this course that focus on social media, marketing, and privacy regulations. Check back often for additional modules that can assist the clinic in both building and maintaining a compliant clinic.