HIPAA’s Three Legged Stool

HIPAA’s Three Legged Stool

The beauty of a three legged stool is it’s simplicity. Every leg is critical and there are no extraneous legs. The vulnerability of the three legged stool is that if even one leg is missing the stool falls and fails. If you want to have the quickest of tests for whether your organization is HIPAA compliant check for the three legs; risk assessment, updated policies and procedures, and staff training on the updated policies and procedures.

Risk Assessment

This is a formal process based on the National Institute of Standards and Technology (NIST) protocol which is the “industry standard” according to Health and Human Services (HHS). It must be up-to-date and recent which means less than a year old. It is definitely not a HIPAA Checklist. Most checklists consist of 10 to twelve questions. The NIST protocol consists of 101 questions.

Policies and Procedures

Up-to-date and recent again means that they have been reviewed at least annually and reflect your current business processes. If you are audited they will check to see if your staff are following these policies and procedures. If they are not, you are guilty of “willful neglect” and could be subject to huge fines.

Training

This is tightly tied to the up-to-date policies and procedures as your staff must be trained on them at least annually and more often if there are significant changes in your business process.

Obviously there is more detail to the evaluation but if you have these three in place you’re on the right track. If you are missing any one of these then your HIPAA program has failed and you are vulnerable.

For more information contact Jack@compliancehelper.com