HIPAA GUARDIAN | Consultant-Driven Compliance Process
A Know HIPAA consultant conducts a four-phase project to ensure that the client has the necessary documentation in place to facilitate compliance with the HIPAA Privacy and Security Rules.
Phase 1: Kick-Off Call
The first phase involves a brief, 30-minute kick-off call that will provide the organization with an overview of the process and answer any of the client’s upfront questions.
Phase 2: Information Gathering
The second phase involves a comprehensive information-gathering exercise to identify the organization’s existing policies and procedures as they relate to HIPAA privacy and security.
Phase 3: Privacy and Security Documents, Reviews, and Additional Forms
Know HIPAA uses the information provided in the questionnaires to complete and/or finalize three (3) draft documents:
- HIPAA Risk Analysis
- HIPAA Privacy Manual
- HIPAA Security Manual
Know HIPAA will then schedule two (2) separate reviews with the client: one for review of the Privacy Manual, and one for review of the Security Manual and Risk Analysis. As part of these reviews, Know HIPAA will collaborate with the client’s Benefits/Human Resources contacts (for privacy) and Information Technology (IT) representatives (for security) to confirm its understanding and interpretation of the information provided by the client.
Along with copies of the finalized Risk Analysis and Privacy and Security Manuals, Know HIPAA will send the following sample forms to the client to help facilitate implementation of the HIPAA Privacy and Security requirements:
- Sample Business Associate Agreement
- Sample Notice of Privacy Practices
- Sample Access to PHI Request Form
- Sample Account of Disclosures Log
- Sample Amendment of PHI Request Form
- Sample Authorization for Release of Information Form
- Sample Complaint Form
- Sample Complaint Tracking Form
- Sample Confidential Communications Request Form
- Sample List of Business Associates
- Sample Plan Amendment
- Sample Plan Sponsor Certification to Group Health Plan
- Sample Restriction on Use or Disclosure of PHI Request
Phase 4: Training
Once Know HIPAA has issued final documents to the client, it will schedule a training with the client’s key personnel. The training will be web-based and will cover the organization-specific policies developed in Phase 3, and how they relate to the HIPAA Privacy and Security Rules.
Compliance monitoring and updating is an important part of any effective compliance program. As part of this project, Know HIPAA will provide automatic updates to the client’s Privacy and Security Manuals for one (1) year, beginning on the date of the training, if there are any changes to the HIPAA Privacy and Security Rules that would affect their content. After one (1) year, Know HIPAA provides a renewal service at a discounted rate.