Health Information Compliance Alert

HIPAA STRATEGIES:

Batten Down Those HIPAA Hatches

The privacy rule deadline is only days away, but that doesn't mean privacy officers are sitting back with their feet up and idly waiting. Take a look at what some of your colleagues are up to in the waning days before April 14.

The HIPAA-induced privacy rule frenzy is in full swing, and health care organizations across the country are bracing for the April event. At the front line of HIPAA preparedness are privacy officers, who are charged with putting the finishing touches on their organization's compliance plan.

One privacy officer tells Eli she's currently finalizing her entity's HIPAA training. "We made a conscious decision to do just-in-time training," says Rebecca Buegel, privacy officer and director of health information management at Casa Grande Regional Medical Center in Casa Grande, AZ. In addition to offering last minute training, Buegel says Regional is reconfiguring its Patient Service Agreement to include the acknowledgement of receipt for the Notice of Privacy Practices.

Buegel says Regional intentionally delayed training and the reconfiguration of its Patient Service Agreement because it was concerned about any last minute changes to HIPAA from the Department of Health and Human Services. "I didn't expect HIPAA to go away, but I also know that the government is notorious for changing things at the 11th hour," she says.

And Buegel isn't alone when it comes to HIPAAcrunch time. Tara Shewchuk, system compliance officer for Resurrection Health Care in Chicago, tells Eli that the deadline has her multitasking, and says she, like Buegel, is also taking care of mundane tasks like printing and distributing documents that are considered most vital to her organization's operations. She says that, similar to many providers, despite all of the hard work and planning over the last two years, "we are down to the wire with many aspects of compliance, including the physical printing and distribution of the Notices [of Privacy Practices]."

Documentation appears to be the number one priority among privacy officers and other HIPAA experts in these final weeks before the deadline. "We are in an active mode making sure that we have all of our forms and procedures in place," says Skip Capone, University Counsel for the University of North Carolina at Greensboro. "We're working on the whole range of forms - not just the [NPP]. Many of the forms have to do with authorizations for specific uses of PHI," he adds.

Shewchuk also says she considers communication with her organization's line managers to be crucial, especially at this time, and says she's relying on her IS systems for HIPAA-related communications (e.g., email and Intranet). In addition, Resurrection has a bulletin board set up "exclusively for HIPAA purposes," which provides information on each of the HIPAA regulations (Privacy, Security and Transactions and Code Sets).

Sure to be a useful tool to all work-force members, the bulletin board contains posted items including the complete text of the regulations, guidance and Q & A's published by the HHS Office for Civil Rights, Resurrection's model business associate agreement, HIPAA policies, training components like certifications of training and confidentiality statements, and risk assessment spreadsheets.

Both Shewchuk and Buegel seem confident all of their labor will bear fruit come April, but both share the frustrations of compliance responsibility. Shewchuk will be the first to point out that HIPAA compliance can take its toll on one's nerves: "I went out for a bottle of antacids at our pharmacy yesterday and the pharmacist suggested it should come as a 'perk' with my job!"