Hipaa Compliance Forms: Fill & Download for Free

HIPAA compliance isn't something you achieve. There is no starting and ending point with a simple road map or checklist.You are supposed to strive for a robust HIPAA compliance program that is addressing your obligation to comply in a reasonable and appropriate manner for your environment.Only an OCR audit can tell you how well you are doing in your program. That opinion on an audit also only applies to what they audited and not where you are the very next day. Your HIPAA program must be on-going and constantly changing.If you are a HIPAA Covered Entity (CEs) you have more extensive requirements than HIPAA Business Associates (BAs). However, many of the requirements are the same.Often CEs mistakenly believe they have HIPAA "covered" because they did the Privacy Rule requirements and they use a certified EHR application. That is not correct, Privacy, Security, and Breach Rule requirements fall way beyond that assumption.BAs mistakenly believe that they only have to worry about the Security Rule requirements. That is also not correct. They must worry about certain elements of the Privacy Rule relating to Uses and Disclosures, Breach Notification requirements plus other concerns based on what is in the Business Associate Agreements (BAAs) they signed.Both BAs and CEs do require:Regularly trained compliance officer(s) who's job is clearly defined to include compliance responsibilitiesDocumentation Management plan (you must prove you are doing the work required by HIPAA with extensive documentation)Business Associate Agreement Management plan (BAs must manage many more agreements than CEs because they have BAAs with all their CE clients, BA clients, BA vendors and BA subcontractors. That doesn't mean that CEs don't have plenty to do on their own list, though.)Documented Security Risk Analysis and Security Assessment Reports within a reasonable time frame (Not one done in 2005 and nothing since)Documented Risk Mitigation and Management planWritten Policies relating to the Security Rule, Privacy Rule, and Breach Notification requirements that address those requirements in a manner that is reasonable and appropriate in your environment.Written Procedures explaining how the policies will be implemented, enforced, regularly assessed and audited.Fully documented HIPAA workforce training programSecurity awareness workforce training programRegular evaluation plan and updates of Security Risk Analysis based on business needs and changesOf course, the elements of this list are broad as is the requirements of the HIPAA law. But, if you worked from this list to make sure your program had all these elements covered it could certainly be argued it is a robust HIPAA compliance program that is addressing your obligation to comply in a reasonable and appropriate manner for your environment.

Overview:This webinar will demonstrate how Covered Entities and Business Associates can comply calmly, confidently and completely with the HIPAA RulesThe secret is -HIPAA Rules are easy and routine to follow -when you know the steps. Paul Hales will capture your attention with visual presentations and interactive learning exercises that take mystery and fear out of HIPAA Compliance.Why should you Attend: Organizations of all types and sizes continue to struggle needlessly with HIPAA Compliance. For example, HIPAA Risk Analysis -Risk Management is the basis of the HIPAA Compliance Program of every Covered Entity and Business Associate.But mandatory HIPAA Compliance Audits conducted by the Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS), found 94% of Covered Entities failed the Risk Management Audit and 87% failed the Risk Analysis Audit. And every audited Covered Entity knew well in advance that it was on the short list to be audited, had completed pre-audit questionnaires and knew the exact questions it would be asked and documentation to be provided (audit protocols).Areas Covered in the Session:Thorough Understanding of HIPAA RulesWhat they areHow they work togetherWhy and How they were madeHow they are changing and what to expect nextHIPAA Risk Analysis -Risk Management for Your OrganizationA Practical Guided Exercise done in class on your computer to take homePrivacy and Security Rules -Permitted and Required Uses and DisclosuresWhat information must be protectedAdministrative, Technical and Physical SafeguardsSocial Media, Texting and Emailing PatientsThe inter-connected, inter-dependent relationship of Covered Entities and Business AssociatesBusiness Associate HIPAA compliance responsibilitiesThe importance of Due Diligence and how to do itHow to avoid making a Business Associate your Agent by mistakeThe chain of responsibility from Covered Entity to Business Associate to Subcontractor Business Associate, etc.Business Associate responsibilities for Subcontractor Business AssociatesBreach Notification discovery and reporting by Business Associates and Subcontractor Business AssociatesWhat is -and what is not a Reportable Breach of Unsecured PHIPotential Breach Investigation -Breach ExceptionsRansomwareBreach Risk AssessmentBreach PreventionWho Will Benefit:Health Care Providers of all types - for example:Large, Multi-site HospitalsSmall Critical Access HospitalsHealth Care Providers in small group practices such as:DentistsOptometristsChiropractorsPhysical TherapistsPodiatristsBehavioral Health Professionals including Licensed Clinical Social WorkersMulti-Specialty Medical GroupsLong Term Care, Assisted Living and Skilled Nursing FacilitiesFederally Qualified Health CentersBusiness Associates - for exampleMedical Billing and Coding companiesIT VendorsElectronic Health Record ProvidersEHR ConsultantsPractice Management FirmsCPA and Law FirmsThird Party Administrators - usually Insurance BrokersRead More

Well .. it depends.HIPAA compliance is mandatory if you are a HIPAA-Covered Entity:You are a HIPAA Covered Entity:Care: You provide services or supplies related to the physical or mental health care of an individual.Provider: A provider of services (as defined in section 1861(u) of the Act, 42 U.S.C. 1395x(u)), a provider of medical or health services (as defined in section 1861(s) of the Act, 42 U.S.C. 1395x(s)), and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business.Clearinghouse: A public or private entity, including a billing service, repricing company, community health management information system or community health information system, and “value added” networks and switches that either process or facilitate the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction, or receive a standard transaction from another entity and process or facilitate the processing of health information into a nonstandard format or nonstandard data content for the receiving entity.Plan: With certain exceptions, an individual or group plan that provides or pays the cost of medical care (as defined in section 2791(a)(2) of the PHS Act, 42 U.S.C. 300gg-91(a)(2)). The law specifically includes many types of organizations and government programs as health plans.(For more detail: see What exactly is ePHI? Who has to worry about it? Where can it be safely located?)If you do not fall directly in one of these categories, you may still have HIPAA-compliance requirements if your organization deals with protected health information andIs a vendor or business partner or subcontractor for a Covered Entity. I.e. you are then known as a HIPAA Business Associate and have just as much compliance responsibility, orIs a vendor or business partner or subcontractor of a HIPAA Business Associate — the law is transitive and the scope of compliance follows the PHI all the way from the covered entities.You would not have HIPAA-compliance requirements if:You do not interact with Patient Health Information, orYou are not a covered Entity and do not deal with any of them or their business associates.If you think you are outside of the scope of HIPAA but in healthcare, it would be prudent to consult a lawyer to be sure. The nuances can be subtle and you don’t want to make a mistake here.