Recently I was lucky enough to attend AHIMA’s annual Privacy Institute where I was able to listen to many fabulous speakers. One session really hit home with me and made me think. It was a discussion about whether we were following our own policies. We all know that we have to have policies and procedures in place for HIPAA, and I’m sure that by now we all have these in place. The real question is — Are you following your policies?
As an example, the speaker asked the room when we all did our HIPAA training for new hires. Most of us answered that it was done before someone begins work. We were then asked what the actual HIPAA privacy rule says.
Section 164.530 of the HIPAA privacy rule states that we must train a new member of our work force within a reasonable period of time. Here is what I found really interesting. If we have made our rule that we will train all new workforce members before they start, we need to be following that rule and have the ability to prove it.
So if we have an instance where we can’t do it before they start and we do it, let’s say, their second day of work, we would be in compliance with HIPAA but we wouldn’t be in compliance with our own policies.
If we were audited, OCR would mark us down even though we were following what is required by HIPAA because we wouldn’t be following our own policy.
The bottom line is we need to make sure that we are following our own policies and procedures. We all should be doing audits to ensure that we are doing this correctly. I know that I am going to reread all my policies and procedures and make sure that I am following them!
No related posts.