We're here to help you with your compliance needs.

Ready to Learn More?

Contact Steve Lewis at sjlewis@rchsd.org to get started.


HIPAA/Security Education

  • Training covers HIPAA and the revised HITECH regulations
  • Specific privacy issues that can be confusing and lead to inadvertent HIPAA breaches, include:
    • Besides biological parents, who can legally consent to medical treatment on a minor’s behalf (Stepparent? Domestic partner?)? 
    • Who has legal authority to request a minor’s medical records (Adult sibling? Foster parent?)?
    • What additional privacy rights do minors over the age of 12 have? What information am I prohibited from providing to the parents of a teenager without the teen’s consent?
    • Can I drug test a teenager without their consent? What if they test positive for an illegal drug?
    • In divorce situations, what is the difference between physical and legal custody for medical decision making purposes? How do I know which parent can consent to treatment on the minor’s behalf?

Critical Elements of Compliance

Policies and Procedures

  • Develop Code of Conduct
  • Develop new policies based on government mandates
  • Revise and update existing policies
  • Assist with development of Compliance Plans
  • Periodically review and revise policies as needed

Compliance Infrastructure

  • Designation of a Compliance Liaison or committee depending on size of practice
  • Development of Annual Compliance Plan

Education and Training

  • Educate providers and staff on the new Annual Compliance Plan and any new policies
  • Develop or review and revise, as appropriate, new employee orientation program to include Compliance
  • Review current education and training programs for content and to determine if any additional programs are needed
  • Perform ongoing customized education and training based on audit results and identified trends
  • Develop/identify minimal annual compliant education requirements

Auditing and Monitoring

  • Determine what existing auditing and monitoring programs are currently in place
  • Develop new monitoring and auditing programs as needed
  • Perform risk assessment and develop appropriate action plan to address any issues or concerns
  • Implement any new monitoring and auditing programs as needed
  • Conduct coding audits and provide feedback as needed


  • Establish a process to ensure compliance issues or concerns are communicated in a timely manner
  • Assist in determining whether a policy, regulatory or legal violation (e.g., HIPAA breach, coding error, etc.) must be reported to the government

Response and Prevention

  • Develop procedure for determining cause of compliance violations and process for a corrective action plan