Unlike the compliance requirements under the Security Rule, which focuses on the technological security and controls to protect patient information in your computer systems, the requirements to be met under the HIPAA Privacy Rule are more method and process oriented. These procedural controls form the basis of handling your patients’ information in a manner that assures their privacy is protected even when while it is being used for the vital tasks you perform for them and about them.
When you bring us in to assist you in evaluating your policies and methods, we begin by discussing your concerns and issues with you. We make sure we understand your operation and your workflow before actual work begins. With a clear understanding, we begin with a Gap Analysis to determine what you have in place and what may be lacking or in need of additional or refinement.
At this point, we analyze our findings closely in order to create a Corrective Action Plan. As we identify areas needing attention, we bring these findings to you to ensure you are aware and that we have a full and correct understanding of the context. Our mutual understanding and agreement provide a solid basis for moving forward to effectively address them and we create the plan together.
Our documentation framework aligns fully with the Privacy Rule and covers all the points it requires. From it, we walk through the process, build the necessary templates, and align and integrate them with your workflow. Examples of process and policy templates include:
- Privacy Officer processes
- Staff and workflow
- Disclosure requests handling, including
- Requests from official, external sources
- Patient requests
- Investigations and audits
- De-identification processes (if applicable)
- Information sharing and incidental disclosure
- Incident detection and response
- Training processes
- Documentation management
When we complete the plan, we go back through it with you and review all items so that you know everything is complete. We continue to work with you to ensure that your enhanced workflow hits all the necessary points and your Privacy Rule compliance achieves reliable repeatable success.
Should the day ever come when you are faced with an OCR Audit investigation, we can help get you ready. We cover the process and outline potential risks so that you can plan your actions accordingly with your Legal Counsel.
Keeping documentation updated is a tedious, time-consuming process that is often neglected and thus poses a real risk at audit time. We help by creating workflows that embrace this requirement and form more natural, minimum effort management to keep these documents current without unduly bogging down your normal processes.
Our goal is to make sure you achieve your compliance goals without disrupting your successful operation, and keep you running smoothly and efficiently by making HIPAA compliance “built in”.