HIPAA Compliance Depends on Documentation

August 28, 2014

When the auditor or perhaps your healthcare business partner asks for proof of HIPAA compliance they want to see a documented history of compliance activities completed by your staff. They will want to see your policies, procedures, and forms that have been created or edited to fit your organization. They will want to see recent risk assessments and the risk managment program in place to mitigate these risks. It requires not only a plan but discipline to continuously manage your HIPAA compliance.

My partner is kind of obsessive-compulsive and keeps a list of her lists. If she talks to a customer service person on the phone she gets their name and makes notes about their conversation. She keeps a daily log of her expenses and has faithfully balanced her checkbook every month for over 50 years. I, on the other hand, like to describe myself as a big picture, 30,000 foot view, person. Details annoy me so I tend to try to ignore them. I have never balanced my personal checkbook and so far think that the bank balance is “close enough”

In designing software programs for HIPAA compliance our life would be a lot easier if the whole world was like my partner, but unfortunately we have to accomodate people like me as well. In over a decade of delivering compliance software we have learned how to help everyone get compliant, stay compliant, and prove compliance with our Compliance Meter®.

The key factors are self documenting features where possible, reminders where actions must take place, and nagging when needed. If you edit a policy in our system we note the person who edited, and the date and time that it was edited. When it is approved by their Helper we note that also. Task lists are how we remind you of what you need to do and attached to the tasks are the tools needed to accomplish the tasks. As you accomplish the tasks and check them off we note that also. Along the way if you have questions our Notes feature allows you to ask the Helper for an answer or just leave a note to yourself or another staff member. Of course Notes are logged also so that you can show the history of these activities.

The Compliance Meter® is there as an at a glance way to see your current level of compliance. This is important for both the staff members who are doing the tasks but also for internal managers and external partners. The meters reflect the documentation of activities at a high level but you can also drill down to specific activities or documents to see when they were accomplished and by whom.

Despite all of these tools sometimes you need another level of support called nagging. This is supplied by your Helper who is monitoring all of your activities through our SaaS or cloud model. If you are falling behind and your scores are falling the Helper will contact you to help you get back on course.

All of these layers of compliance tools make HIPAA compliance at least tolerable it not quite pleasurable. HIPAAssure™ is your assurance that you are HIPAA compliant on an on-going basis, and can prove it.

Let us Help!


Back to News