Compliance:
Keep Your HIPAA Policies In Line By Focusing On 4 Principles
Published on Wed Mar 12, 2014
Do your policies set forth clear responsibilities and accountability?
Every physician group and facility knows they need compliance and privacy policies in place to keep services on track. But what makes a “good” policy? According to the Malvern Group Incorporated of Malvern, PA, your policies should follow these core principles:
- Describe the “what.” Keep in mind that the policy is only half of compliance — the procedures are the other half. Make sure the policy specifies the “what” (the result) that you need to achieve.
- Use unambiguous language. The policy should express unambiguous intent, meaning that it should contain clear language. Also, ensure that the policy uses unconditional language — “will” or “must,” not “should” or “may.” Use active voice — “will ensure,” not “will be ensured.”
- Establish clear accountability. Your policy must establish clear accountability, specifying the business unit or individual role(s) charged with implementation and operation. The policy should leave no question as to who is responsible for implementation.
- Provide support for training. Make sure the policy and implementing procedures are a solid reference for developing training materials for staffers. The policy should be understandable by all individuals who must follow it.