Eli's Hospice Insider

Published on Wed Oct 19, 2011 PDF

The majority of home care providers are out of compliance, expert believes.

1. Generate or tune up your HIPAA policies. "Have comprehensive HIPAA privacy and security policies which meet the HIPAA regulations' requirements," counsels attorney John Gilliland with The Gilliland Law Firm in Indianapolis.

This may require some serious work on your part. Gilliland estimates that "the majority" of home care providers are out of compliance with HIPAA requirements simply because they don't fully understand the regulation and its mandates. "It's complex enough that it's hard for small providers" to learn all the ins and outs of compliance, Gilliland tells Eli.

2. Implement the HIPAA policies. Your beautifully crafted HIPAA policies and procedures won't do you any good if they gather dust. You need to put them into action, Gilliland advises.

3. Train staff. A combination of training sessions and "reminders" will help make sure employees toe the line when it comes to HIPAA requirements, Gilliland says. When staff develop a close and comfortable relationship with patients, it's easy for them to forget that the patients' PHI still must be protected.

4. Focus on risk areas. Laptops and portable devices may pose the greatest risk to home care providers' HIPAA compliance, says Jim Sheldon-Dean, director of compliance services for information security consulting firm Lewis Creek Systems in Charlotte, Vt. Make sure both your policies and your training focus on these risk areas to prevent problems.

5. Impose sanctions for breaches. Your HIPAA P&P should include sanctions when employees violate HIPAA standards, Gilliland recommends. The sanctions can range from relatively minor to serious. For example, you could issue a warning letter for "benign" breaches such as posting a patient's picture on Facebook with a message about how wonderful she is, Gilliland suggests. On the other extreme, you could terminate an employee for a mean-spirited post taking advantage of a patient's vulnerabilities.

6. Explore IT options. You may be able to head off breaches, even if a laptop is stolen, by carefully considering how to configure your information technology. "Probably the best thing they can do is use services to host data remotely from the home care provider, in a secure facility, and access the data in such a way that none remains on the laptop or other computer that is being used to access the data," Sheldon-Dean offers.