By Jack Anderson
April 10, 2014
Two questions we get all the time are; Can’t you just do my HIPAA for me? and Can’t I just buy your policies and procedures without the on-going maintenance? The answer to both is NO! Not because we want to make more money (although that is not a bad thought) but because you wouldn’t be compliant and therefore you wouldn’t be safe if you were audited.
Many things can trigger an audit; a patient complaint, a whistleblower, a breach by you or someone else in the chain of PHI responsibility, a state attorney general, OCR, or a firm hired by HHS/OCR to do unannounced audits. But the most likely source of an audit will be a business partner who is checking to see if you are actually living up to the conditions contained in that business associate agreement you so blithely signed and filed away. They have the right, nay the obligation, to ask you to send them a copy of your most recent HIPAA risk assessment or copies of your documented policies and procedures. They could even show up for and on-site audit. If they detect “a pattern of non-compliance” they are required to ask you to remediate or mitigate the risk and if you can’t or won’t they must sever the busines relationship. There is one exception to that rule. If you supply a service that is not reasonably available from any other vendor they can continue to do business with you but very few of us have services that are that exclusive.
HHS wants you to have a HIPAA compliance plan, be executing on that plan, and most importantly documenting your HIPAA compliance activities. We can’t do that for you but we can give you the tools and the advice you need to do it yourself, cost effectively and efficiently. Whether you are a single transcriptionist, biller, coder, insurance agent or a mediums sized business associate or covered entity, we have a plan for you. Take a look at the videos at www.compliancehelper.com and by all means download the HIPAA compliance checklist, but remember that you can’t stop there, you must move on to an on-going HIPAA compliance program.