Comprehensive HIPAA Compliance Services for Your Healthcare Practice
HIPAA stands for Health Insurance Portability and Accountability Act. It sets the standards for protecting sensitive patient data in the U.S. Staying compliant with HIPAA regulations is not just mandatory but vital for the ethical operations of any healthcare entity. Our course dives deep into the intricacies of HIPAA, with a specific focus on its Privacy Documentation Requirements.
HITECH Act - Final Rule
The Federal Government published the final regulations implementing the “Health Information Technology for Economic and Clinical Health (HITECH) Act” on January 25, 2013.
This act was described by the head of the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) as the “OMNIBUS FINAL RULE” and is characterized by the OCR as comprising “the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.”
Let Health Management Solutions Inc. improve your practice's HIPAA Compliance Efforts
Failure to comply with any of the above requirements could result in severe violations. The violation categories are as follows:
| Violation Category | Penalty Range per Violation | Maximum Penalty for All Such Violations of Identical Provisions in a Calendar Year |
| --- | --- | --- |
| Did not know | $100 - $50,000 | $1.5 million |
| Reasonable cause | $1,000 - $50,000 | $1.5 million |
| Willful neglect, timely corrected | $10,000 - $50,000 | $1.5 million |
| Willful neglect, not timely corrected | $50,000 | $1.5 million |
HMS's Compliance Inspection Comprises the Following:
- A documented 12-page detailed analysis of all OSHA, HIPAA, Board of Dentistry and CDC requirements;
- A Written Narrative Report with an explanation of these requirements and areas of deficiencies;
- A Corrective Action Plan with the Financial Description.
• Create your Notice of Privacy Practices and post it in plain view of your patients, hand it to the patients, and implement a method to document your good faith attempt to secure patients' acknowledgement of your Privacy Practices.
• Assign a Privacy Officer and a Contact Person to receive complaints and handle all patients' health information according to new guidelines.
• Conduct Privacy Training for the entire staff, including the cleaning staff.
• Implement an employee discipline process for privacy violations.
HIPAA Staff Training
GOALS:
- Have the health care professional acquire an understanding of their responsibilities to implement Security “Written Policies and Procedures”;
- Change the HIPAA Notice of Privacy Practices to comply with the HITECH Act and implement a Patient’s Bill of Rights;
- Create a Breach Notification Policy;
- Implement Breach Documentation and Notification Protocols and Procedures;
- Acquire new Business Associate Agreements from Business Associates (BA);
- Have ANNUAL Staff Training and conduct continuing periodical internal HIPAA Staff Training;
- Have appropriate Patient and Office Administrative forms to comply with all Policies; and
- Conduct an Independent Written IT Risk Assessment, which must be signed by a professional IT company.
OBJECTIVE: To provide licensees with the tools to examine their practice to identify situations in which PHI is being compromised, according to the HITECH Act or Omnibus Rule, not according to what the practitioner feels “compromise” is, and to have dentists recognize that they need to make changes, either administrative or structural, in order to comply with the Federal HIPAA Privacy Law, the HITECH Act and the State of Florida’s Privacy Law (FIPAA).
COMMENTS: The course is geared to provide a complete understanding of terminology, legal responsibilities and required documentation, and the practice’s structural, electronic and security requirements to comply with both laws, which many times are in contradiction with traditional and recommended dental practice layouts. The subject matter is provocative, as it makes licensees aware of their shortcomings and the many challenges and risk management issues they need to address; however, they are presented with acceptable solutions and alternatives.
HIPAA Manual - Required Documentation
List of Required HIPAA Documentation:
- Written & signed professional IT risk assessment
- Written privacy policies and procedures
- Employee acknowledgement receipt of policies and procedures
- Breach notification protocol
- Privacy officer job responsibilities outline
- Employees’ confidentiality agreement
- Notice of privacy practices
- Patient acknowledgement and consent forms
- Business associate agreements
- Patient authorization for use & disclosure of PHI to 3rd parties
- Patient authorization for use & disclosure of PHI for purposes required by the practice
- Fax transmittal page
HMS Description of Services and Pricing Structure
(Prices vary depending on the size of the practice, number of employees and number of practices)
(Only recommended for existing practices)
It takes an initial appointment of approximately 2 to 3 hours, depending on the size of the practice. At the second appointment, of about 30-45 minutes, we will deliver and explain the Detailed and Narrative reports along with the Corrective Action Plan. (2 appointments are included in the fee; total time spent in the office: 4 hrs.) (Preparation of the reports requires 2 hours.) Total number of hours spent for a thorough Inspection: 6 hrs.
(Prices vary depending on the size of the practice, number of employees and number of practices) (Required time: first OSHA staff training 2 to 2.5 hrs.; subsequent years 1.5 hours, as long as there are no significant staff changes.)
➤ Subsequent annual retraining includes a simple review of the practice implementation process and any supplemental additional information that may be new or recommended. Significant new changes to the rules will require new manuals. Normally this does not happen often, every ten to twenty years. The practice is responsible for purchasing recommended required posters.
(Price varies according to number of practices)
(Included in the price is the initial in-service explanation of the book, and a follow-up appointment of about 1 hr. to review the practice's implementation of required documentation.)
• The second appointment must be scheduled within 3 months of book delivery; after 3 months, if the practice wants an in-service appointment to assist them with the implementation process, it will be for an additional fee, for one hour of Administrative in-service training.