healthcare compliance tips
Patient Requests & Disclosures [Healthcare Compliance Tips]
Healthcare Compliance Tips
Breach Notification [Healthcare Compliance Tips]
healthcare compliance tips
Patient Requests & Disclosures [Healthcare Compliance Tips]
Healthcare Compliance Tips
Breach Notification [Healthcare Compliance Tips]

HIPAA Privacy Officer [Healthcare Compliance Tips]

Assign an employee or hire a Privacy Officer to develop and monitor your HIPAA-compliant privacy program.

Per HIPAA, it is required that privacy personnel are designated within your practice.  You can hire new personnel, train a current employee, or pay a HIPAA consultant.

Keep in mind that there are many areas the privacy personnel will oversee, but not limited to:

  • Developing and implementing privacy policies and procedures.
  • Investigate complaints.
  • Provide ongoing training, development of materials, and assessment.

The designated policy personnel will also play a role in helping you and your staff understand the following:

Administrative Safeguards

This focuses on internal organization, policies, procedures, and maintain security measures to protect patient health information.  This is the true foundation of the three safeguards with the Workforce Security Standard being a subset.

Under this standard, practices should ensure that all members have appropriate access to electronic PHI and prevent those that shouldn’t get access.  An example of this is, implementing policies and procedures on computer access and password management.  

Physical Safeguards

This standard is where you must ensure physical measures, policies, and procedures are enacted to protect electronic information systems, related buildings and equipment, natural and environmental hazards, and unauthorized intrusion.

A common subset of this safeguard is Workstation Security, which is ensuring that employees are authorized to access certain programs and that the same programs are non-accessible to non-employees.

Technical Safeguards

The primary focus is to implement policies and procedures to protect electronic health information and control access to it.

Transmission Security Standard is a subset of this safeguard in which the practice should implement measures to guard against unauthorized access through the network.  A good example of this is not allowing anyone to modify or destroy electronic information unless they are authorized.  Also, data encryption should be utilized for certain information.

Remember, covered entities must maintain records of their policies and procedures or any other action/activity for at least six years.

**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties.  Research, modify, and tailor the advice to fit your specialty.

Joi Sherrod, MPH, CPC, CPCO
Joi Sherrod, MPH, CPC, CPCO
Joi is an educator and owner of JNC Healthcare Compliance Group. After working for distinguished academic teaching hospitals and clinics, she is passionate about helping medical, dental, and behavioral health practices rethink healthcare compliance one trend at a time. Contact Joi at info@jnccompliance.com.

Related posts

7 Compliance Best Practices Every Leader Should Know

Read more
Concerned leader in scrubs.

5 Tactics to Combat Healthcare Fraud

Read more

The BAA – How to Do It Right!

Read more
Patient and healthcare worker.

55% of E&M Claims Have Mistakes. Here’s How to Avoid It

Read more
Healthcare Leader

The #1 HIPAA Mindset Trap That Holds Leaders Back

Read more
healthcare compliance leader

Compliance Culture: 10 Questions Every Leader Needs to Ask

Read more
Healthcare Compliance Tips

5 Billion Recovered: Why You Can’t Afford to Ignore It [Series]

Read more

DOJ vs. Compliance Programs [Healthcare Compliance Tips]

Read more
Healthcare Compliance Tips

Office for Civil Rights [Healthcare Compliance Tips]

Read more