Do I Need a HIPAA Compliance Consultant? – What the Law Demands
Reading through the HIPAA regulations may seem like an exercise in futility for most people, especially if you aren’t fluent in regulatory doublespeak. Making matters worse, the HIPAA guidelines are designed to cover an almost impossibly wide range of businesses.
A one-person medical practice, a multibillion-dollar insurance company, an IT managed service provider, and even a document shredding service have HIPAA responsibilities. If they create, access, use, process, transmit, or destroy protected health information (PHI) in physical or electronic (ePHI) formats, they must comply with HIPAA.
HIPAA regulators attempted to make things clearer a few years ago when they released a list outlining Seven Foundational Elements of HIPAA Compliance:
- Implementing written policies, procedures, and standards of conduct.
- Designating a compliance officer and compliance committee.
- Conducting effective training and education.
- Developing effective lines of communication.
- Conducting internal monitoring and auditing.
- Enforcing standards through well-publicized disciplinary guidelines.
- Responding promptly to detected offenses and undertaking corrective action.
The process of achieving those seven elements is very different for each organization listed above. Because no two organizations are the same, even similar practices within the same specialty will likely face unique challenges.