Eli's Hospice Insider

Compliance:

6 Tips To Boost Your HIPAA Compliance

The majority of home care providers are out of compliance, expert believes.

Smart hospices will work to minimize their risk of HIPAA violations now, before investigators come knocking on the door. Here's how:

1. Generate or tune up your HIPAA policies. "Have comprehensive HIPAA privacy and security policies which meet the HIPAA regulations' requirements," counsels attorney John Gilliland with The Gilliland Law Firm in Indianapolis.

This may require some serious work on your part. Gilliland estimates that "the majority" of home care providers are out of compliance with HIPAA requirements simply because they don't fully understand the regulation and its mandates. "It's complex enough that it's hard for small providers" to learn all the ins and outs of compliance, Gilliland tells Eli.

2. Implement the HIPAA policies. Your beautifully crafted HIPAA policies and procedures won't do you any good if they gather dust. You need to put them into action, Gilliland advises.

3. Train staff. A combination of training sessions and "reminders" will help make sure employees toe the line when it comes to HIPAA requirements, Gilliland says. When staff develop a close and comfortable relationship with patients, it's easy for them to forget that the patients' PHI still must be protected.

4. Focus on risk areas. Laptops and portable devices may pose the greatest risk to home care providers' HIPAA compliance, says Jim Sheldon-Dean, director of compliance services for information security consulting firm Lewis Creek Systems in Charlotte, Vt. Make sure both your policies and your training focus on these risk areas to prevent problems.

5. Impose sanctions for breaches. Your HIPAA P&P should include sanctions when employees violate HIPAA standards, Gilliland recommends. The sanctions can range from relatively minor to serious. For example, you could issue a warning letter for "benign" breaches such as posting a patient's picture on Facebook with a message about how wonderful she is, Gilliland suggests. On the other extreme, you could terminate an employee for a mean-spirited post taking advantage of a patient's vulnerabilities.

6. Explore IT options. You may be able to head off breaches, even if a laptop is stolen, by carefully considering how to configure your information technology. "Probably the best thing they can do is use services to host data remotely from the home care provider, in a secure facility, and access the data in such a way that none remains on the laptop or other computer that is being used to access the data," Sheldon-Dean offers.

Other Articles in this issue of

Eli's Hospice Insider

View All