Are you already looking forward to that summer vacation? Do you have it circled in red on your office calendar so your co-workers can see it (and be a little bit jealous?).
Although they’re not circled in red, you likely also have times blocked off on your calendar for a dentist visit, an annual physical, or getting the oil changed in your car. Mundane tasks, to be sure, but each is important to maintain your personal health and the health of your vehicle.
By the same token, creating an annual technology plan and budget for your HIPAA compliance efforts probably doesn’t merit a red circle on your calendar. However, it’s critical to the successful running of your business. Just like many of the other “get around to it” tasks on your plate, HIPAA won’t get done by putting it off until you “have time”. Remember when you said you were doing to do it next year? Maybe the last two years were supposed to be next year. This needs to be your year!
Begin at the beginning
The first step is creating line items in the budget for compliance and technology. Although these might already be lumped into other portions of the budget, it’s important to create separate line items. That shows that you’ve made a commitment to compliance (and you add visibility because you’re seeing it each time you review your budget).
“But I’m not the person who makes these decisions,” you might say. And that’s OK. Your company president or CEO should be involved, as should your accountant, your compliance officer and the appropriate IT people.
Look at where the business is in terms of compliance and where it should be. If you don’t know where to start, hire a consultant that can walk you through the steps and make suggestions for improvement. If the task feels overwhelming, remember that maintaining compliance is a journey. Each step you take gets you closer to the goal.
Have a plan, review a plan
Putting line items in the budget for compliance and technology is a good start. But you need to have a plan, a written plan that’s easily accessible for everyone to see. This is where that calendar will come in handy.
Your plan should be reviewed at least yearly but also at times of significant change in the organization. Hiring a new doc? You need to do a risk assessment. Opening a new location? Ditto.
We do annual reviews of technology plans. At first, customers don’t understand why this is necessary. But once they understand, it becomes part of the fabric of the business. Compliance officers tell us about items to put on the agenda in July for a meeting that won’t take place until February. That shows the buy-in that’s critical for compliance to take hold.
Compliance is everybody’s job
Especially in small offices, compliance likely takes a back seat to every other job duty, but it shouldn’t be this way. You have to designate a privacy officer and a compliance officer, but often it’s the person who’s asking the most HIPAA questions who gets designated. The person designated as the compliance officer will need time to develop the plan, implement the plan, conduct audits and other critical functions.
Compliance needs to be a priority. Leaders should understand this and allot time and resources to it. Maybe someone else covers the compliance officer’s job periodically. Maybe you budget for a consultant to help with the planning or a temp to fill in for the compliance person.
But every part of the business needs to be involved, in the planning, in the training, and in the ongoing testing of the plan.
Software can help
If you already have compliance documentation, do you know where it is? When was the last time it was checked? Who is responsible for updating it? Is that person still on the payroll?
This is an area where software can help to bring order to potential chaos. A good software system should document changes automatically and remind users when specific checks, reviews, and audits need to be performed. Software can present information in a uniform manner so it can be understood by subsequent users should your compliance officer leave.
HIPAA affects your entire business. Take the time to investigate software solutions that can help streamline compliance at a cost you can afford.
You don’t have to go it alone
Maintaining HIPAA compliance is critical to the future of your business, but it often gets overlooked in the day-to-day. You cannot let this happen. Take small steps toward compliance daily, and the burden becomes more manageable.
And if you need assistance, that’s why we’re in business. We can assist with the planning, the implementation, and the ongoing checks and audits. You don’t need to take the compliance journey alone … but it’s a journey your business should be taking.
Now, get out that calendar and add some HIPAA dates for 2016! Just don’t mess with those vacation days, we all need them on our calendars!
Not ready yet? Need some more motivation or ideas? Then, check out some Help Me With HIPAA podcasts notes on these topics.