
Responsibilities of HIPAA Compliance Officer


Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.

Hi, I am Julie McLaughlin here with the Fearless Acupuncturist, and I would like to thank the American Acupuncture Council for having us here. Today we’re going to be talking about HIPAA compliance officers and how their duties impact your office and your patients. I have some slides with you now.


So again, the American Acupuncture Council brings amazing programs to us so we can learn as a profession from all these different experts, and we really appreciate them helping us share this information with you today. So what we’re gonna talk about is who’s leading the charge in your office? Who is your HIPAA compliance officer?


Who has that responsibility? Is it you as the provider, or is it somebody that you have in your office? Or maybe you don’t even have one. So let’s look at what the responsibility and the roles are of this important job in your office. So why am I up here even talking about HIPAA to you? Long story short, I am a chiropractor and an acupuncturist.

Link to Learn More: https://www.fearlesscompliance.org

I had practice for 37 years, and this is my partner, Dr. Perry Barnhill, and he is a chiropractor and naturopath. And we also are compliance officers, and this is what we do. We decided that we need to help our friends, we need to help our friends in our professions to make sure that no one’s getting in trouble with the feds because this is mandatory information.

This is what you have to do, and we wanna make sure that everybody’s compliant because we wanna be top notch in our profession to make sure that, you know, the government’s not coming after any of us, so that’s why we’re doing this. I want you to know compliance isn’t a checklist. It’s a commitment. Yeah.

I know we have checklists, and you guys have probably downloaded ’em all, but it’s more than just that checklist. It really is a commitment. It’s a commitment to your practice and to your patients, right? Because the truth is that the OCR, Office of Civil Rights, their audits show that over 60% of small healthcare providers identify HIPAA compliance as a major challenge.

There’s no surprise. It’s convoluted. It’s got gray areas. It’s difficult to say the least. So you know, we don’t have huge teams of support staff like hospitals do or huge offices. We really are the frontline for our patients and for what we need to be compliant with the government. And so it is not surprising that this is a major challenge.

So if it is a challenge for you, you are in the majority. We’re gonna help you get past that challenge. And the other truth is that HIPAA fines can exceed millions of dollars per year for violations. And it happens. It absolutely happens. 80% of the penalties result from a lack of oversight. So if this is one small thing you can do, and you are gonna beat 80% of these penalties, I want you to really listen up.

Because without leadership, everyone is gonna assume someone else is handling it. Well, I thought they were handling it, I had thought you were handling it. I thought you were doing it. And the truth is, nobody’s handling it until you actually appoint somebody. And you need to have someone who’s gonna be really trustworthy, somebody that you can really rely on, somebody who’s detail oriented, who’s really going to stay on point with this, and someone who’s gonna help make sure your whole team is on point with your HIPAA.

So the core purpose of your compliance officer is gonna be, they’re a guardian of your patients’ trust. They are guarding your patients’ PHI, their personal health information, and ensure privacy and security rules are followed. Remember, you do not wanna get hacked. You don’t wanna get scammed. This is gonna help you make sure that you are staying within the lines and none of that stuff is happening to you.

It’s gonna build real world systems to protect the PHI. You’re gonna have monthly HIPAA trainings to keep your team current and compliant, ’cause a lot of times, some of these HIPAA breaches aren’t even intentional. They’re just accidental, just because people don’t know. And that compliance officer is gonna be super important in making sure your team is educated, and also, God forbid you got audited.

They’re gonna serve as a point of contact for all things HIPAA. If you had an audit, you want that compliance officer to be on top of it, to know what parts of your manual are done, which parts need help, what parts. You want somebody who’s a one-person contact, and their responsibilities are gonna be: develop and maintain the policies and procedures, conduct annual and regular risk assessments, oversee monthly employee HIPAA training and documentation, manage any breach investigations, incident responses, and maintain audit logs and compliance records. So you can see this is a super important job. And so you don’t wanna just randomly assume that someone’s gonna do this.

It is not about policing. It’s about leading. Really, you’re not policing your practice. You’re not policing the patients. It’s really about leading them to keep that information safe. And you wanna lead by influence and knowledge, not fear. You wanna teach ’em, you wanna make it fun. You wanna do things that are gonna make them remember it, whether it’s acronyms or just little procedures that you put in place.

But that person’s gonna be responsible for knowing how your office runs, how you’re gonna best learn and maintain and keep doing this information. So you want someone who can communicate clearly and consistently with patients and with the team and someone who will step up to correct the risk if one’s identified.

You don’t want someone who’s just gonna brush it under the rug. If you see a risk, you want someone who’s gonna go ahead and take the initiative and change it. And if you think I don’t even know where to start, or I don’t even know where to know, if I have a HIPAA compliance person where to start, this is a great place to start.

I want you to go on and do this QR code, or you can go to H-T-T-P-S. Slash four slash hipaa risk score.com. Remember, HIPAA has two a’s, not two P’s, right? I want you to go on there and take, it’s like a little 10 question quiz. It’s super quick. It’ll take you a minute or two, and it will give you a grade between A and F, and it will tell you where you are and where your weaknesses are, and where your strengths are, and some of the things that you need to do to get HIPAA compliant in your office.

This information is not shared with anyone. It is just for your information only and for your HIPAA compliance officer to know where are the things that you need to work on. So where most offices slip up when it comes to HIPAA compliance officers is that they will assign someone by default. They’ll say it’s the office manager’s job.

They’ve never been trained to do what their job is. Never been told how to do it, but because they’re the office manager, they do everything, we’re gonna put it on them. And that’s not the best idea because sometimes giving people extra jobs is not in their job description or their job title. They feel like they’re not being paid for it, or they’re being overworked, or they just ignore it because they don’t even know how to do it.

So you wanna make sure that the person you choose actually has training and actually is in their job description, and their job is being compensated for that. So you want to not have a manual that hasn’t been updated in years and expect the new compliance officer just to become magically current, because the laws change monthly.

They change all the time. They change ’em to one thing and then they change ’em back. And then they change ’em to another thing and then they change ’em to another thing. And that’s where we can help you with staying up to date. But that HIPAA compliance officer needs to have a good baseline. Don’t give them some manual that’s 10 years old and expect them to be all the way up to date.

The training that happens once a year is quickly forgotten. So you’re required to have that training in your office once a year, but it’s also highly recommended that you have training once a month for your staff. So that is absolutely what you want to do, and that’s gonna help your compliance officer and your team.

And if you have no audit trail or documentation to prove compliance, that’s really gonna be a problem. Let’s say you’re doing everything you need to do, but you never write it down. That’s like seeing patients and never taking a note, right? Then that means that visit never happened in the eyes of malpractice and the eyes of insurance, all of those things.

So you have to document it and you have to write down what you’re doing to be compliant. So tools that make compliance manageable, right? We have a solution with Fearless Acupuncturist that we can talk about if you need to. You need to have editable policy and procedure manuals, because those things change.

You need to have a step-by-step risk assessment template that you’re gonna go through and you’re gonna assess all the different things in your office that could be a potential risk, right? You want monthly training for your staff. You wanna have an audit log and a compliance checklist, because if you are doing something, let’s say you do your monthly HIPAA training, you get everybody who was there to sign that they participated in the training and you put it in your audit log.

When you do that risk assessment, you put it in your audit log. ’Cause if you don’t write it down, it didn’t happen. And if you come and get audited and you say, we’ve been doing it, but you have no proof, they don’t care.

It’s the government. They don’t care. They say ignorance is not an excuse. You wanna make sure you have ongoing support and updates about the regulation changes. You need to stay current on this stuff because again, if you say I’m current from last year, but I didn’t keep up with this year, the feds, they don’t care.

So if you need some help, if you need to strengthen your HIPAA plan, take that free quiz. If you wanna talk to us and just have questions, if you wanna see a demo of how we can help support your team as well, I’m going to give you a link and you’ll be able to reach out, and just reach out and we’ll be happy to do it because you’re not alone in this.

We’re here to help our friends, and our friends are you. Our friends are the people in our profession. So info at better hipaa blueprint dot com is our email if you wanna contact us. Fearless acupuncturist.com is our website if you wanna check it out. And if you wanna schedule a demo, here’s the QR code.

Or you can go to go dot fearless provider.com/demo and we’ll set up a demo and go through everything so we can see where you are now and what you need and help you get to where you wanna be. So that’s it for today with Fearless Acupuncturist. I am Dr. Julie McLaughlin, and I would like to thank, again, the American Acupuncture Council for having us on here and providing these great educational tools for everyone.

Have a great day, and I’ll see you next time.
