One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit.
In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization.
The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements.
Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed:
First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant.
Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing the workforce to perform their tasks in a controlled environment.Having a set of policies and procedures is positive evidence of the health care organization exercising due diligence.
Third, if there is a breach, the health care organization needs to demonstrate that it has proactively implemented a comprehensive set of HIPAA policies and procedures to keep any penalties to a minimum
Areas Covered in the Session: