1. Don't bother learning every HIPAA detail, says Neil Caesar, an attorney with the Greenville, S.C.-based Health Law Center. HIPAA requires only that practice and office policies not violate the rules. You are not required to explore the minutiae in the regulations, including alternatives and variations that bulk up the HIPAA commentary, Caesar says.
This advice will save time, especially if you're assessing your privacy policy plans. For example, you review your protection of confidential patient information and notice that one of your patient's important documents containing sensitive information is out on a desk, visible to everyone. HIPAA requires that you guard this information and secure it with people who either need access to the information or maintain records.
Instead of discussing the sundry suggestions HIPAA has for fixing the problem, just make sure you implement a written policy that keeps patient documents private within the medical-charts area or with the people who need them, Caesar says.
2. If it ain't broke, don't fix it. If your business policies protect patient information and secure transactions, you may already be in line with HIPAA guidelines, so don't overhaul your entire system just yet.
HIPAA compliance requires simply "taking the rules that we have always wanted in place and putting them in writing," says Karen Gulsrud at Medical Solutions Group. Even if your office ends up needing more than Gulsrud's quick-fix recipe, you can rest assured - HIPAA compliance doesn't have to be a Herculean task. Instead of starting from scratch, review the policies you have and make sure they comply with HIPAA privacy requirements. Then fix what doesn't comply, Caesar says.
3. Beware of false information. When it comes to HIPAA compliance advice, especially regarding privacy rules, many companies disseminate false information, says Teena George, a certified HIPAA specialist and owner of Humboldt Medical Solutions.
George warns against listening to companies that advise you to install costly computer programs and expensive guideline plans. Visit state Web sites instead, or consult trusted companies, she says.