How to Write and Adopt HIPAA Policies and Procedures?

Most HIPAA Security Standards do not require the implementation of any specific security measure. Rather, they require covered entities and business associates to write and adopt policies and procedures. For example, the Security Rule does not require you to terminate access in any particular way. Rather, you must have a Termination Procedure spelling out how you will terminate access. A number of six and seven-figure fines from HHS have involved not having policies or procedures or not having adequate ones. And HHS has fined violators in excess of $1 million for not having policies not even mentioned in HIPAA. Massachusetts General Hospital, for example, was fined $1 million for leaving paper PHI on a subway. No work-at-home policy! No such policy is mentioned in HIPAA.

And just having a policy is enough, it must say what you want it to understandably and be enforceable

This 60 minute webinar on "How to Write and Adopt HIPAA Policies and Procedures" will given by an expert HIPAA consultant, author, attorney, and expert witness, will begin an introduction stressing the importance of complying with the requirement to write and adopt policies and procedures, both those expressly stated and those that may also be necessary and have had the lack of result in a fine.

After an introduction, the seminar will focus on why do we need to understand this topic, how to use HIPAA required Risk Analysis to help you decide which policies and procedures to develop, and how to conduct research before drafting policies and procedures, by asking and answering the right questions, soliciting help, and collecting samples. Then it will cover how to draft policies and procedures that comply with HIPAA’s requirements, based on sound principles of substance, organization, coherence, style, and correctness.

Once policies are adopted, HIPAA requires covered entities and business associates to revise policies and procedures, including steps of reviewing, incorporating recommended changes, and implementing.

Then the webinar will help you figure out how to decide whether you must draft addressable policies under HIPAA—policies that you only have to implement if it is reasonable and appropriate to do so. Then it coveres how to decide whether you need any other policies not mentioned by HIPAA followed by a conclusion and question and answer.

The webinar will conclude with a summary and a question and answer session.

Topics which will be covered in the session (bulleted point)

• Using HIPAA required risk analysis to help you determine what policies to adopt and what they should say.
• How to research what the policy should be.
• Drafting—the five elements of good drafting.
• Revising.
• Adopting and implementing.
• What policies and procedures are required.
• What policies and procedures are addressable—you must implement them if they are reasonable and appropriate in your situation.
• What other policies might you need?

This webcast will be of a valuable assistance to the below audience.

• Director of Health Information Management
• Medical Records Supervisors and Personnel
• Compliance Officers
• Security and Privacy Officers
• Office Managers
• IT Supervisors
• Risk Managers
• Quality Assurance Officers
• Healthcare Attorneys
• Practice Owners and Managers
• HIPAA consultants