HIPAA Compliant Document Management: Get Everyone on the Same (Policy) Page
Every office needs to have straightforward policies that cover the proper use and release of patient PHI. Even more important, employees must be aware of these policies and commit to following them.
A HIPAA breach can happen, even when someone has the best intentions, like releasing information to an adult child without signed authorization from the patient. Even if the patient was not upset by the release when it happened, it would still be a HIPAA violation.
HIPAA policies and procedures are a requirement to be compliant. Employees must be trained and attest to these policies, and policy violations must be addressed, with consequences up to and including termination of employment.
The government takes this seriously. You should do the same.
HIPAA Compliant Document Management: A Tear-Free Goodbye to Old Records
Unless you have a budget like the U.S. Government, you can’t just keep everything in storage forever. Old records need to be disposed of properly. One such way to dispose of paper records is by shredding them.
However, you must ensure that you use HIPAA compliant document shredding methods. HIPAA specifies that it must be impossible to recover PHI by reassembling shredded or destroyed documents. Otherwise, you guessed it, another HIPAA violation.
That will likely mean turning to a document storage and disposal company, depending on the age of the documents. In either case, you will need a business associate agreement with the company providing these services.
HIPAA rules and regulations state that you must have a signed BAA before transferring PHI to another company. It doesn’t matter if the PHI is in physical or electronic (ePHI) format. This document should clearly define the responsibilities and liability of each party.
Imagine if the shredding company you chose left a box of patient records on the sidewalk when loading their vehicle. That shouldn’t be your responsibility, and your BAA is there to cover precisely that kind of instance.
HIPAA Compliant Document Management: Make it Simple
Instead of going through HIPAA compliance alone, you could minimize headaches, maximize peace of mind, and reach compliance Nirvana with Compliancy Group. We have suggestions, solutions, and strategies that can guide you to total compliance, whether your records system is high-tech or strictly pen and paper.