Book a workshop or speakerYes HIPAA applies to DD! Let’s learn together Join our forum

OPRA

The news, documentation, and training source for residential providers, facilities & others
Schedule a Consult

HIPAA compliance prepares you for EVV

by

Dear providers,

It’s important for you to know that HIPAA compliance covers the cybersecurity measures necessary for EVV.  That information is straight from an email issued by ANCOR, which cites the EVV legislation as its source, along with Tim Hill, the Director of CMCS.

Last year, as a service to our members, OPRA partnered with MyHIPAA Guide to spearhead the development of a HIPAA compliance program for the residential sector.  This is the only program of its kind available for residential providers.

The program includes all the materials you need for compliance, plus an option for unlimited phone and email consultation to help you through the process of protecting of private health information.

With EVV right around the corner, we are offering a $100 discount off the price of an annual subscription with the coupon code:  OPRA2018.

Go to hipaa.opra.org to subscribe.

Are you prepared? Design an emergency preparedness plan!

by

At the recent annual conference of the Association of Professional Developmental Disability Administrators (APDDA), we had the pleasure of hearing from administrators from facilities in Corpus Christi and San Antonio, Texas and Miami, Florida who spoke about their experiences preparing for and recovering from Hurricane Harvey and Hurricane Irma last fall. Part of building an emergency preparedness plan includes making provisions to meet the needs of residents with disabilities in the event of an evacuation.

But! Even in an emergency preparedness plan, a resident’s health information is still protected by the HIPAA Privacy Rule.

Check it out! The Department of Health and Human Services offers a great interactive tool, The HIPAA Privacy Decision Tool, that through a series of questions helps you determine how the HIPAA Privacy Rule would apply in specific emergency situations (it’s available as a flowchart, too!). Other emergency preparedness resources are also available through the HHS site.

HIPAA says: Document EVERYTHING!

by

Key Point:  If you don’t document it, you can’t prove you have followed privacy regulations — meaning you could face penalties.  Security policies and procedures are mandated under the Health Information Portability & Accountability Act (HIPAA), and the regs are very specific about the policies and procedures you need to implement.

Through your documentation of policies and procedures, specify the security measures you have in place and the procedures you have for ensuring daily vigilance.

Keep in mind:  Document everything, including all assessments, precautions, procedures, actions, findings, and processes covered under HIPAA requirements. Organize your compliance documentation in central locations, so both paper and electronic records can be easily referenced.

Ask yourself if you are keeping records of:

  • Procedures for distributing privacy notices (which should include instructions on how to file complaints and report security concerns)
  • Security policies and procedures (including written records of required actions, activities, or assessments)
  • Complaint resolutions
  • Updates to policies and procedures
  • Sanctions against workforce members relating to privacy or security issues
  • Staff training
  • Business Associate Agreements

Be sure to keep privacy records for six years from creation of a document, or the last effective date. Also, periodically review and update documentation in response to changing conditions — such as a move to a new location —  that impact the security of private health information.

Note to readers:  See the right rail of hipaa.opra.org for HIPAA documentation and consultation services tailored for residential services providers.

Do your vendors even know what to do?

by

Residential services providers should be aware that they must hold business associates to high standards for protecting the private health information of clients.  What this means is that you must make sure contractors and vendors are protecting private health information that may be accessible to them in the course of doing business with you.

In a recent memo, the U.S. Office for Civil Rights (OCR) raised this question: Is your Business Associate prepared for a security incident?

Continue Reading

DISCLAIMER

MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHipaa Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS

We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

About MyHIPAA Guide

MyHIPAA Guide helps residential services organizations understand what they need to do on a daily basis to protect private health information and secure databases where private information is stored. Subscribers gain access to interactive Security Risk Assessment tutorials, templates for HIPAA security policies, procedures and business associate agreements, a full suite of helpful forms, plus much more in our well organized online catalog of 50+ resources. Most importantly, we hold your hand, because we understand compliance can be confusing. That’s why we work with you personally through conference calls, email and webinars to help you do your best to protect private health information every day. If you’d like to talk by phone, call 1-234-281-4310.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.


Terms & Conditions       Our Privacy Policy


Handcrafted by Shoo.in