I recently attended AHIMA and had the pleasure of taking extra classes in all things related to HIPAA in preparation for my CHPS exam. During the past year I have also attended many state meetings and listened to others speak about HIPAA and security. I have learned many technical aspects (I’ll discuss the legal guidelines in a follow-up article) but what has really stuck with me is the idea that we should promote a Culture of Compliance.
This really hit home with me, and I heard it from more than one speaker so it isn’t my idea, but it is one I have adopted for use within our company.
What exactly does “creating a Culture of Compliance” mean? It means truly making HIPAA something that your organization lives. Providing training for new employees and then giving once-a-year refresher classes isn’t enough. We need to help everyone understand how important it is to guard protected health information and let it become second nature to us.
We do this in other areas of our lives with things that are important to us. If you have children and you are teaching them to cross the street, you always have them look both ways. You talk about it and hold their hands and guide them through the act of learning to cross the street. It soon becomes second nature that we look both ways before we cross the street. As an adult when I cross a street, I always look both ways (even on a one-way street).
We need to do this with HIPAA as well. Now I understand HIPAA can be confusing; that is why most organizations have an expert on hand who learns the rules so we can ask them for help clarifying a situation. But do we listen to what they suggest? Do we grumble when they say “No, you can’t do that” or do we look for ways to make the situation compliant based on their advice and then be happy that we now can cross the road?
Providing our employees with annual training in HIPAA compliance is a great place to start but it isn’t all we should be doing. Look at your organization and start thinking of ways that you can make compliance part of your culture. Work towards keeping errors from happening because everyone is focused and compliance has become second nature.
Do you have a company newsletter? Start adding HIPAA articles to it and work on ways to make them relevant. If you read something important in the news about a breach or a new change, send an article to your employees in an email to keep them focused.
Although HIPAA is serious, it can also be presented to your employees in fun ways. Have contests with small prizes for answering HIPAA quizzes. Even the employees who don’t participate will be thinking about HIPAA when it is happening.
Remember the carrot principle: reward people for doing things correctly. Develop a program that offers small rewards for those who have made HIPAA part of their culture. If you have other ideas that you use to help get HIPAA out to your team as well as are making it part of your culture, we would love to see it. Sharing with each other is a great way to promote the Culture of Compliance.
No related posts.