We often talk about doing the “work” of compliance. Some people seem to have the attitude that all they need to do is some annual staff training and hand out a Notice of Privacy Practices to do small office HIPAA compliance. When we try to explain that there is more to it than that, we often get push-back about the requirements. Especially when we talk about small office HIPAA compliance, there is usually a specific set of limitations mentioned.
We always hear comments like we:
- don’t have time,
- don’t have resources,
- can’t be expected to do this.
So, how DO you do small office HIPAA compliance? Today we are going to talk to someone who is definitely doing the work of HIPAA compliance in a small office. We are doing an interview with Erien Fryer of Medical Direct Care in Clarksville, TN to discuss small office HIPAA compliance issues, obstacles, and how to just get it done.
Small Office HIPAA Compliance
The work of HIPAA involves much more than annual training and the NPP. Even if you are a CE or BA in a small office, HIPAA compliance still requires certain things. For example:
- Documentation Management
- Policies and Procedures
- Security controls and Security Awareness
- Business Associate Management
But many people don’t take the time to work out what is a reasonable and appropriate way to implement all those HIPAA requirements.
Erien Fryer’s office, Medical Direct Care, is a small private practice in family medicine. She was thrown into the job of figuring out the work of managing compliance in the office. She quickly learned that small office HIPAA compliance could involve a lot of overwhelming documentation, learning, and more.
She tried bringing in an intern from a local college's Health Administration major program. Surprisingly, the student said they didn’t cover anything about HIPAA compliance in her program!
Now, Erien has systems in place and she shares a bit of those details.
Systems That Work
What is the most successful way to just get started? The best place to start is where you are!
Make your policies and procedures reflect what you do. Review them section by section.
A key part of her system is to commit to Compliance Thursdays every single week. Regular HIPAA compliance work days make a big difference in what can get done a little at a time.
Erien also believes that keeping her ComplyAssistant page open all day helps her get the documentation done right away instead of it becoming just another thing to put on a list.
Sending out due diligence questionnaires to BAs has decreased the amount of sales traffic just by asking for it first. Some of the answers were horrifying.
Don’t just assume that other practices are doing things correctly. The same with business associates. Confirm they know . Learn a little bit about it so you can have an intelligent conversation.
This $3,000 server is the only thing that will do what you need! Well, something is wrong with this picture.
How does HIPAA become about patient care and not about compliance? We say it in every episode, but how do you really make that happen in your office?