Friday (Late) Compliance

Sat, 19 Mar 2016 02:07:20 GMT

Sorry for the late entry but I started researching information on compliance and as you know the difficulty is narrowing it down to a format with the basics. I know the AOA resource list on the website has compliance plan examples so I will not bother trying to load one here but I have copied an article regarding your practice compliance plan which offers a fairly concise---why have a compliance plan? which I have attached just as an example. This is your overall practice compliance plan which is not the "compliance" plan we automatically think of----

When we think of compliance we automatically go to HIPAA--

Definition:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires employers to protect employee medical records as confidential. HIPAA includes regulations that cover how employers must protect employees’ medical privacy rights and the privacy of their health information.

HIPAA gives patient’s rights with respect to their personal health related information. But, the HIPAA privacy rule also permits the disclosure of personal health information that is needed for patient care and other important purposes.

An example question might be:

The agency responsive for enforcing the HITECH Act is:

A: CMS

B: OIG

C: HHS

D: WPS

the answer is C--The US Department of Health and Human Services

Sat, 19 Mar 2016 02:16:01 GMT

The HITECH Act was expanded in 2009 and falls under HIPAA. This was kind of thrown in for the question listed as it falls under the MANY additions to HIPAA that have occurred since 2006 and demonstrates the necessity of keeping up with the changes that are done to HIPAA seemingly each year.

Do you know the definition of Security Officer, Privacy Officer and the roles they play in your plan?

Do you know the time limit for reporting a HIPAA breach?
A: Immediately when breach is determined
B: Thirty days from determination of breach
C: Six months from determination of breach
D: Thirty days following end of year when breach determined

D is the answer. (wording may be a little off but this is being done on the fly)

Do you know the number of patients involved in a breach in order to have to notify the media?

A: 500
B: 400
C: 300
D: 200

A--500 if you have a breach that involves over 500 patients it is your responsibility to also notify the media that a breach has occurred.

Sat, 19 Mar 2016 02:22:27 GMT

Review the why we have a HIPAA policy which is number one and all the basics it entails such as when does a new employee need to have instruction on HIPAA and how often does the entire staff require training on HIPAA and OSHA (which is a whole other compliance issue)

Give yourself a review on each area of your practice in which you need to have a compliance plan--do you know what a BAA is and do you have one for each company you work with?