The Process

HIPAA compliance is more than a once-and-done task.  You and your staff need to understand the HIPAA regulations and take them into account whenever you handle or process patient information.  For your office to become compliant with the HIPAA regulations, you need to implement what the federal government refers to as a “Culture of Compliance”.

You begin the process with an audit of your practice.  You need to identify every place where patient information is managed, processed, transmitted and stored.  This includes all workstations, servers and network equipment that handle electronic patient information, as well as your paper records.  When this stage of the process is complete, you have an inventory of what needs to be protected.

HIPAA also protects the patient information that you and your staff are aware of and hold in the data storage device that sits on top of your shoulders.  We do not include that in the inventory of where data is stored, but you must implement policies, procedures and training to ensure that all members of your staff protect that information.

The next step in the process is to identify everything you currently have in place to protect the confidentiality, integrity, and availability of the medical records.  HIPAA is about much more than confidentiality: a breakdown in the availability or integrity of the medical records is also a HIPAA violation.

Phase 3 of the process is to identify and understand the threats to the patient data that you hold.  These threats may be cyber security issues, the risk of physical damage from fire, flood or other factors, or the risk of equipment being lost or stolen.  Especially in the realm of cyber security, the threat environment is constantly changing, and it is your responsibility to stay aware of those changes.

Next, you need to be aware of the tools and controls you can implement to reduce the chance of any of these threats causing a HIPAA incident in your office.  These include software tools such as encryption technology, hardware tools such as firewalls, administrative tools such as employee training and background checks, and physical tools, which can be as simple as better locks on your doors.

Taking all of this information into account, you need to develop an action plan that improves how you protect the patient data in your office from being compromised in any manner.  You are required to take all reasonable steps to safeguard your data.

We take you through this process and develop an action plan that is appropriate for your practice.  We provide your practice with:

  1. A HIPAA Security Manual that is tailored to your office and describes the physical, technical, and administrative controls currently in place.  The manual identifies all places where patient information is stored and processed, and documents the administrative controls you have implemented to protect your data.

  2. A HIPAA Privacy Manual that your staff can reference at any time to help them understand the HIPAA Privacy Regulations.

  3. A HIPAA Risk Mitigation Plan listing the recommended steps you need to implement to improve how you protect the data in your office from a HIPAA event.

  4. Online, web-based training for you and your staff, so that you understand your responsibilities and can maintain a “Culture of Compliance” at your practice.

  5. The forms and documents you will need to document your compliance with the HIPAA regulations, including:

  • Notice of Privacy Practices

  • Bring Your Own Device Policies

  • Consent for sharing of patient information

  • Log forms for cataloging information disclosure

  • And many more


Selecting TLD Systems to help your office develop a “Culture of Compliance” for HIPAA puts you on the path to minimizing the possibility of a devastating HIPAA incident affecting your practice and your patients.