Did you know that November 15th is National Clean out Your Refrigerator Day? If a task such as cleaning out the refrigerator deserves a special day, what about a task such as performing a HIPAA walkthrough? With 2018 less than a month away, wouldn't it be nice to ensure your organization's policies and procedures are up-to-date?
The following will offer tips for cleaning out your refrigerator and tips for performing your HIPAA walkthrough.
Empty each shelf
One of the most important steps involved with cleaning out the refrigerator is to empty each shelf. You might be surprised what you find on each shelf as you empty it. What may look like a science fair project may have really once upon a time, been a meal.
During a HIPAA Walkthrough, one of the questions that may be asked is, do you see documents containing PHI that might be visible to unauthorized individuals?
You might be surprised what you find by taking a moment to look over your desks and shelves. Take a moment to look over desks, shelves and other locations to ensure documents containing PHI are not visible to unauthorized individuals. Documents containing PHI (i.e. appointment schedules, census lists, physician orders, EOB's, transcripts, super bills etc.) should not be visible to unauthorized individuals including staff members and the public.
Completely wipe down the inside
Another important step in the cleaning out the refrigerator process is to completely wipe down the inside of the refrigerator. Wiping down the inside of a fridge is important for obvious reasons.
Think of a HIPAA Walkthrough as an opportunity to perform a "wipe down." During the walk through you may identify areas that need improvement. You might see things that are lacking, that may be unsecured, and that may lead to a breach. Identifying those areas is only part of the process. The actual "wipe down" occurs once those areas have been successfully addressed.
Throw away all expired food
When it comes to cleaning out the fridge, this is self-explanatory. We can safely assume nobody wants expired food. When food is expired, for health and safety reasons, it is best to throw it out.
What about expired forms and information?
Most likely, during a HIPAA Walkthrough there will be a section that talks about your Notice of Privacy Practices (NPP). Is your NPP updated and posted in proper areas? If you are not using a NPP with the updated HIPAA Omnibus information, we recommend disposing of the expired NPP, and using a revised version. If your State law requires other additional information on your NPP, that information should be added the federally required information.
Also, September 23, 2014 was the deadline to have your business associate agreements updated, signed and returned by your business associates. If your business associates have any sub-contractors that have access to your PHI, then they too must have signed business associate agreements in place with them.
Restock shelves and drawers with good food
Once again this is self-explanatory; however, we can safely assume food that isn't expired, or doesn't appear like a science fair project, is good food that is at the very least safe for consumption.
Performing a HIPAA Walkthrough annually is an opportunity to "restock" by ensuring your organization is up-to-date and in compliance with HIPAA Privacy and HIPAA Security standards. Restocking with current information that meets or exceeds HIPAA Privacy and Security standards is "good food" for your organization.
Another way to "restock" is to ensure annual refresher training is completed by all of your employees.
Enjoy your nice clean, organized refrigerator
While cleaning out the refrigerator is generally a dreaded task, it is a task that is important none the less. Once the task is complete, it feels good to enjoy having a nice clean, organized refrigerator. The same can be said for HIPAA Privacy and Security.
Conducting your HIPAA Walkthrough helps identify HIPAA Privacy and Security areas that require attention. At the discretion of your compliance officer, correcting problems that were encountered during the walkthrough can prevent violations and ensure compliance with HIPAA standards.
If you have any additional questions, please do not hesitate to contact us by phone: 855-427-0427 or by email: support@hcp.md.