OUM Chiropractor Insights

Bulletproof Your Practice with HIPAA Safe Harbor (PART 2)

Oct 11, 2022 3:56:29 PM / by OUM Risk Management Expert

If you missed Part 1 of this article, read it here!


There are two aspects to having a compliant HIPAA program:

  • Part one: You must install an appropriate, complete, and current program, as required by law, that evidences your good-faith effort to meet each requirement under HIPAA, and, of course, it must be documented.
  • Part two: You must keep your program current. Around a dozen of the required sections must have a written evaluation, review, or self-audit performed and documented, each and every year. Otherwise, you are not current and protected, in which case, you may be subject to significant fines.

Here’s a quick test you can do as you read this. Just ask yourself if you have the following in place:

  1. Risk analysis
  2. Recent ISARs
  3. Formalized written policies (about 100 pages in a typical healthcare office)
  4. Cyber protections
  5. Contingency plan with data recovery and emergency mode operation
  6. Compliance Officer documents
  7. Outlined and documented training for staff and doctors
  8. Physical plant audits
  9. Notice of Patient Privacy Practices
  10. Business Associate Agreements with anyone who stores, transmits, or has access to your patients' private health information (PII)

Then, have you signed off on at least ten documented reviews, evaluations, and self-audits every year, year after year?

 

These are just some of the required components within HIPAA that, if not present and active (and, of course, documented), can result in a very unwelcome “willful neglect fine”.

 

If you have not been keeping up on HIPAA and the never-ending amendments to the law, starting from scratch likely feels overwhelming to you. I suspect this is why many practitioners give up or ignore the seeming unpleasantness of HIPAA compliance and never get started. Unfortunately, they put themselves and their practices at unneeded and unwarranted risk.

 

Good, comprehensive, and easy HIPAA compliance can be done. Before you get started, it is helpful to know that the new law is clear that these protections are valid only when you have been employing the safe harbor measures for twelve consecutive months. As with most laws, it is reasonable to assume the clock starts when you have a documented plan to implement and have started down the road to compliance.

 

So, when will you bulletproof your practice? After all, you may find that a bulletproofed practice is exactly what you need to get back to the good and healing work you do.

 



This article was written by Dr. Ty Talcott, one of the top experts on HIPAA regulations in the chiropractic profession. Visit his website at www.drtythecomplianceguy.com to learn more about his products and services.

 

“OUM” and “OUM Chiropractor Program” do not refer to a legal entity or insurance company but to a program or symbol of a program underwritten, insured, and administered by ProAssurance. The information contained on the OUM Chiropractor Blog does not establish a standard of care, nor does it constitute legal advice. The information is for general informational purposes only. We encourage all blog visitors to consult with their personal attorneys for legal advice, as specific legal requirements may vary from state to state. Links or references to organizations, websites, or other information are for reference use only and do not constitute the rendering of legal, financial, or other professional advice or recommendations. All information contained on the blog is subject to change.
