We often talk about doing the “work” of compliance. Some people seem to have the attitude that all they need to do for small office HIPAA compliance is annual staff training and handing out a Notice of Privacy Practices. When we try to explain that there is more to it than that, we often get pushback about the requirements.

We always hear comments like:

  • we don’t have time,
  • we don’t have resources,
  • we can’t be expected to do this.

So, how DO you do small office HIPAA compliance? Today we are going to talk to someone who is definitely doing the work of HIPAA compliance in a small office. We are doing an interview with Erien Fryer of Medical Direct Care in Clarksville, TN to discuss small office HIPAA compliance issues, obstacles, and how to just get it done.

HIPAA For MSPs by David Sims Ep 51: Small Office HIPAA Compliance

Small Office HIPAA Compliance

The work of HIPAA involves much more than annual training and the NPP. Even if you are a CE or BA in a small office, HIPAA compliance still requires certain things. For example:

  • Documentation Management
  • Assessments
  • Policies and Procedures
  • Security controls and Security Awareness
  • Business Associate Management
  • Audits

But, many people don’t take the time to work out what is a reasonable and appropriate way for implementing all those HIPAA requirements.

Erien Fryer’s office, Medical Direct Care, is a small private practice in family medicine. She was thrown into the job of figuring out the work of managing compliance in the office. She quickly learned that small office HIPAA compliance could involve a lot of overwhelming documentation, learning, and more.

She tried bringing in an intern from a local college’s Health Administration program. Surprisingly, the student said they didn’t cover anything about compliance in her program!

Now, Erien has systems in place and she shares a bit of those details.

What is the most successful way to just get started? The best place to start is where you are!

Make your policies and procedures reflect what you do.  Go section by section.

Compliance Thursdays are HIPAA compliance work days.

Keeping her ComplyAssistant page open all day helps her get the documentation done right away instead of just another thing on a list.

Sending out due diligence questionnaires to BAs has decreased the amount of sales traffic just by asking for it first.  Some of the answers were horrifying.

Don’t just assume that other practices are doing things correctly. The same goes for business associates. Confirm they know. Learn a little bit about it so you can have an intelligent conversation.

This $3,000 server is the only thing that will do what you need!  Well, something is wrong with this picture.

How does HIPAA become about patient care and not about compliance? We say it in every episode, but how do you really make that happen in your office?