- Training covers HIPAA and the revised HITECH regulations
- Specific privacy issues that can be confusing and lead to inadvertent HIPAA breaches, include:
- Besides biological parents, who can legally consent to medical treatment on a minor’s behalf (Stepparent? Domestic partner?)?
- Who has legal authority to request a minor’s medical records (Adult sibling? Foster parent?)?
- What additional privacy rights do minors over the age of 12 have? What information am I prohibited from providing to the parents of a teenager without the teen’s consent?
- Can I drug test a teenager without their consent? What if they test positive for an illegal drug?
- In divorce situations, what is the difference between physical and legal custody for medical decision making purposes? How do I know which parent can consent to treatment on the minor’s behalf?
Critical Elements of Compliance
Policies and Procedures
- Develop Code of Conduct
- Develop new policies based on government mandates
- Revise and update existing policies
- Assist with development of Compliance Plans
- Periodically review and revise policies as needed
- Designation of a Compliance Liaison or committee depending on size of practice
- Development of Annual Compliance Plan
Education and Training
- Educate providers and staff on the new Annual Compliance Plan and any new policies
- Develop or review and revise, as appropriate, new employee orientation program to include Compliance
- Review current education and training programs for content and to determine if any additional programs are needed
- Perform ongoing customized education and training based on audit results and identified trends
- Develop/identify minimal annual compliant education requirements
Auditing and Monitoring
- Determine what existing auditing and monitoring programs are currently in place
- Develop new monitoring and auditing programs as needed
- Perform risk assessment and develop appropriate action plan to address any issues or concerns
- Implement any new monitoring and auditing programs as needed
- Conduct coding audits and provide feedback as needed
- Establish a process to ensure compliance issues or concerns are communicated in a timely manner
- Assist in determining whether a policy, regulatory or legal violation (e.g., HIPAA breach, coding error, etc.) must be reported to the government
Response and Prevention
- Develop procedure for determining cause of compliance violations and process for a corrective action plan