04-18-13 | Blog Post
Online Tech is exhibiting HIPAA hosting solutions at booth #9 at the Indiana Health Information Management Association (IHIMA) 2013 Annual Meeting, Changing Times with IHIMA, held at the Indianapolis Marriott Downtown, in Indianapolis, IN on April 17-19.
This educational session details dealing with corporate compliance in the healthcare industry.
Elements of an Effective Compliance Program
Speaker: Marsha Shepard, RHIA; Director of Corporate Compliance Memorial Hospital & HCC; Jasper, IN
“We all live in compliance as IHIMA professionals,” Marsha pointed out at the beginning of her speech. Throughout the lecture, she repeatedly mentioned that achieving compliance is a team effort and collaboration throughout an organization – from working internally with everyone from the Board of Director to remotely contracted employees and externally with auditors and consultants.
Compliance is a choice for organizations, but there will be strong consequences for not following. She humored the audience by likening compliance to stopping at a stop sign. Just because the laws are in place to do so, doesn’t mean that an organization or everyone in an organization will comply.
A strong compliance program for any organization should include the following 3 P’s:
With HIPAA and HITECH, your role as an organization, from a high level perspective, should be to:
Social media has raised flags within the healthcare world in relation to HIPAA. Marsha said she knew of four people who had been turned in for abuse of social media in the hospital environment. With the age of smartphones, there is a huge need for secure apps that allow doctors and staff to share information back and forth in real time, but she cautioned that until the security is in place, “Just because it’s easy, doesn’t mean it’s right.” There needs to be social responsibility and respect in regards to all social media in the healthcare environment.
With all the changes and laws being hurled at healthcare organizations, it can feel like an organization is moving at 100 MPH. If an organization is to achieve compliance, they must slow down.
She laid down five questions that an organization should ask when looking to form a compliance program:
Not all compliance programs are going to be the same and compliance officers may wear many “hats” within their organization. Conducting a risk assessment with an outside auditor or consultant on an annual basis is highly recommended.
To achieve success within any compliance program, the organization should:
For a complete guide to HIPAA technical, administrative and physical security, read our HIPAA Compliant Hosting white paper. This white paper explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.
About the Indiana Health Information Management Association
The Indiana Health Information Management Association (IHIMA) is a non-profit healthcare professional association representing over 2,000-credentialed Hoosiers. IHIMA is an affiliate with American Health Information Management Association (AHIMA) as a Component State Association. Our purpose is to commit to excellence in the management of health information for the benefit of patients and providers.