When a provider or practice manager finally gives serious consideration to their HIPAA compliance needs, even with the best of intentions, a clinic often overlooks or fails to implement essential components of HIPAA compliance. That is why we have created a customized program that includes a full installation of crucial elements of a HIPAA program that, at the same time, trains your team member on how to be the Compliance Officer.
Between your assigned, certified specialist and your appointed Compliance Officer and providers, the program is customized specifically for your practice needs. Think of your great-grandmother’s handstitched quilt she made many years ago, and how the careful stitching tightly holds the quilt together still today. Often, cookie-cutter patterns built by machines have increased vulnerabilities as a missed stitch can unravel the entire piece. We will keep our eyes on every stitch, making sure to provide the masterpiece you need to be HIPAA compliant. While you seek to preserve the quilt with preventive measures, we will teach you how to maintain and care for your HIPAA program.
There are a variety of HIPAA programs available. Some provide fancy portals with online forms that allow the clinic to check box their way through implementation of policies and procedures. Although having all your HIPAA documents in a cloud based service may seem like efficiency, the proof in recent audits has told us otherwise. As compliance specialists, we have seen some extensive HIPAA violations and worked with clients through the investigation process. In our data collection stage we found providers who utilized automated software did not know what they were answering. They did not have a true understanding of HIPAA terminology or the rules and regulations. They just wanted to complete the forms and move on. Shortcuts can be costly, especially when it relates to federal laws.
The Hands On Approach
KMC University has teamed up with Easy Tech Compliance to address both the privacy and security side of HIPAA Implementation. We believe a clinic should own HIPAA in the sense, know what to do, when to do it and how to do it. HIPAA is not optional and it is a key foundational piece of healthcare business. A provider should not be solely reliant on external parties to manage their HIPAA compliance because when it comes down to it, the provider is ultimately responsible. Does that mean all remote services or cloud based services are bad, absolutely not. But it does mean, you cannot delegate without supervision and you must be involved in the process constantly. Checks and balances must be in place. With that in mind, at KMC University, we believe in the hands-on approach and we help you find a way to make it easy and efficient.
During the implementation program, the KMC University specialist will carry the load by analyzing data, tracking Protected Health Information (PHI) in your clinic, and identifying vulnerabilities. We then create and customize each form, log, and policy your clinic needs to be compliant. Because our compliance team is certified and trained, we will serve as your compliance officer during this time, taking the anxiety and worry off your shoulders. You can trust your HIPAA compliance needs to a company that has a reputation for compliance excellence.
- Customized digital HIPAA Compliance Manual for your practice
- A comprehensive baseline HIPAA Security Risk Assessment, and follow-up corrective actions
- A complete tracking of PHI in the clinic
- Identification of all vendors who qualify as Business Associates, requiring special handling
- Personalized, compliant Business Associate Agreement templates, and signed agreements with all applicable vendors
- Personalized and compliant Notice of Privacy Practices according to the new standards
- Processes, policies, and procedures necessary to respond to privacy related patient requests such as records requests, amendments and restriction of PHI disclosure
- Audits of all devices and applications on which PHI resides
- Role-Based Access Assignments developed and documented
- Training and equipping staff for HIPAA Risk Management; we teach you how to keep HIPAA alive
- Written Contingency Plans based on Security Risk Analysis Threats and Vulnerabilities
- Risk Action Assignments with clear target dates
- HIPAA Training for all workforce members
- Necessary Confidentiality Agreements for all workforce members
- Structured Guidance and Policy to resolve and minimize Security Risks
If you have some type of HIPAA program in place, even if it’s out of date, we recommend starting with a HIPAA Assessment so we can meet you where you are. After that review, we can make recommendations as to what is necessary to safely knit all the pieces of your HIPAA quilt together for your safety and peace of mind.
Ready to get started with the review? Click here
KMC University provides a valuable service for chiropractic providers. I purchased a library membership and a coach to guide me as I audited and made changes to clinic SOPs. This program is useful in ensuring compliance, training staff, and confirming the decisions I make for the practice. Even though the practice is operating smoothly, I rely on KMC University to keep me informed of updates and changes in the industry. I continue to be a KMC member and utilize an individual coaching session as the need arises. You will not go wrong with KMC University. From the help desk to Kathy Weidner herself, every individual I have encountered has been friendly, helpful, and provided value.