- December 15, 2016
- Posted by: Chris Carter
It is no secret that HIPPA compliance is excessively complex and requires a well-planned strategy to effectively execute. A strong compliance program acknowledges that not only is your organization’s reputation at risk if a breach occurs, but also at risk of significant fines and other costs that may ensue.
In today’s environment, especially with actors wanting to exploit Protected Health Information for nefarious purposes, compliance cannot and should not be viewed as voluntary. Moreover, the Office of Civil Rights (OCR) conducts random audits of Covered Entities and levies steep fines for non-compliance which further drives home the point that indifference or inattentiveness in this area is ill-advised.
HIPPA compliance incorporates 169 different requirements between the Privacy Rule, Security Rule and Breach Notification. Thus, a comprehensive approach to compliance can be an arduous task at best. Here are ten compliance steps that your practice can take right now as it relates to the release of information:
1. Drive requestors to an online record request platform that requires an authorization for all uses and disclosures that can be kept on file and accessible 24/7
2. Create a policy that details every aspect of ROI (i.e. items needed to validate authorizations, redacting sensitive information, etc.) to ensure compliance
3. Safeguard PHI from unintentional disclosure by making digital release a priority over faxing and mailing records thereby reducing exposure risk
4. Create a Quality Assurance protocol that helps ensure the correct records are being released and that there are no co-mingled records present
5. Implement a software tool that streamlines workflow and provides for the quickest, and most secure turnaround possible
6. Have Business Associates agreements in place with any service providers that perform ROI functions for you to ensure that these service providers only disclose patient health information properly and safeguard it appropriately
7. Implement a training program for you and your employees that consistently reaffirms your ROI policy and procedure
8. Centralize and automate the accounting of disclosures thereby alleviating the need to make constant determinations (and possible mistakes) as to what can be excluded, and to ensure that all the required content is accounted for (providers often are shocked to be audited and subsequently fined due to missing information)
9. Lock down access. Only allow fully authorized 3rd Parties to access your medical records/EHR systems. Providing a law firm, insurance company, or another provider carte blanche access to your medical records is a recipe for disaster, breach, and litigation
10. Time stamp everything! Labor rates are the future of the HIM Department ROI process. Leveraging software that can help you understand the unit economics of your HIM Department will empower more strategic decision making within the HIM Department
HIPAA compliance in general, and specifically concerning ROI, ensures sensitive information is appropriately safeguarded. Health care providers are entrusted with details that should never fall into the wrong hands. Carefully evaluating compliance as it relates to releasing PHI is important as Covered Entities must be able to share information with patients and other authorized parties in a secure and effective way. A streamlined ROI workflow that enhances compliance is essential for doing business and providing care in today’s health care environment.
Let ChartRequest help with your compliance initiatives as it relates to releasing PHI. Our software was created to help providers become more compliant. It can be leveraged by your staff, but since the ROI process is characterized by high levels of complexity and risk, we also provide a service where we handle this task for you. We have ROI specialists who know how to protect both the patient’s confidentiality and the health care provider’s liability in information release. Sign up for a demo today!