The OIG recently released its annual report and expectations for 2016. As expected, HIPAA, Meaningful Use and Compliance are at the forefront, but it’s not impossible to ensure your organization is compliant with these rules. For the most part, the HIPAA rules and regulations are fairly consistent with the expectations of the OIG’s standards, with the HIPAA rules being far more detailed. Essentially, the OIG wants to reinforce that every organization, regardless of size or type, is HIPAA compliant. 2016 will bring stricter monitoring of internal policies and procedures in the wake of another banner year for breaches in healthcare.
Do you know the difference in the rules?
HIPAA requires that organizations have a disaster recovery plan, which requires compliance from every facet of your organization. Your staff needs to be educated on the compliance protocols, and your management must ensure that every role within your organization is in compliance. However, the Joint Commission requires that all organizations not only have a HIPAA disaster recovery plan, but a business continuity plan as well.
It is important that HIPAA and Privacy and Security Officers are in sync with leaders who focus on the Joint Commission requirements so that there is no confusion within your organization regarding the expectations of both rulings. Your staff must be consistent across both regulations and requirements.
Covered Entities – Ignorance is not Bliss
Your Covered Entities must comply with HIPAA Policies and Procedures, as well as the stricter compliance procedures in regard to information security as required by the Joint Commission. Although encryption is not required by HIPAA, the Joint Commission will require monitoring of internal policies and procedures. Compliance cannot be a one-and-done process; it will require constant security updates and ongoing risk assessments to ensure compliance.
Litmos Healthcare recently released the newest version of its HIPAA Education, utilized by over 500,000 individuals over the past twelve months alone. This year’s education extends the courses in several important areas:
- How to file a complaint with OCR.
- Explanation and discussion about the annual risk audit requirements.
- More granular review of HIPAA enforcement, federal audit protocols and investigation results.
- New breach exceptions, risks and vulnerabilities, including:
  - How cloud services and solutions can pose a risk to both users and organizations.
  - How telemedicine and virtualization can create breaches if not secure.
  - Risks associated with remote workers, onshore and offshore.
Also, from a technical perspective, all Flash objects have been removed from the course. This eliminates the need for Flash to be installed on a PC, and allows the courses to be completed easily on Apple iOS devices.