Thursday, 28 June 2018 12:02

If you see something, say something

Written by

Staff working on the ground sees everything; they are the ones likely to come across a problem that demands your attention. You need to have a reporting system established that the staff knows exists to ensure the issue will be communicated.

First, you must manage reporting systems for your agency. Create a process through which staff can submit reports either anonymously or by name. Have a system in place to ensure that once a potential breach has been communicated you have the tools ready to complete an investigation efficiently.

Remember! Review whistleblower reports regularly! Monitor to make sure investigations take place in a timely manner and are resolved.

Having a reporting system in place is only half the battle. You have to also make sure your staff:

Understands yourorganization's reporting system, and Does not fear retaliation for reporting.

Make the duty to report a part of your agency's culture. Promote awareness and understanding of the availability of whistleblower reporting and other resources your agency offers. Also promote your agency's non-retaliation policies. Make these policies known to staff in new-hire orientation and annual training, on your website, in staff memos and through other ways you communicate with staff.

Keep in mind! Communication is a two-way street. Creating a reporting system is meaningless if staff does not know to use it!

For more information, check out the section on Preventing Breaches on page 26 of the MyHIPAA Guide Compliance Manual. MyHIPAA Guide subscribers may access available templates for security incident reports and incident investigations under Appendix E of the Security Policies and Procedures template on Step 3 of the MyHIPAA Guide website.

Read 340 times Last modified on Tuesday, 24 July 2018 09:52

10 Step HIPAA Plan

  • Step 1: Make Sure you Must Comply with HIPAA +

    What's Inside:
    Lists of who is generally covered and who is not, plus contact for inquiries.
  • Step 2: Designate Team Leaders +

    What's Inside:
    • 7-page HIPAA basics
    • 62-page guide to security and privacy of ePHI
    • Compliance Charter Template
  • Step 3: Develop Security Policies & Procedures +

    What's Inside:
    Templates for Security Policies and Procedures
  • Step 4: Conduct a security risk analysis +

    What's Inside:
    INTRODUCTORY:
    • Guides
    • Short videos
    • Interactive quizzes on risk assessment and contingency preparation
    • 10 common myths

    ADVANCED:
    Interactive tutorial – 156 questions with fill-able PDFs for Windows or iPad. All material from federal sources.
  • Step 5: Develop an action plan +

    What's Inside:
    INTRODUCTORY:
    • 11-page overview on ePHI for small practices
    • 4-page Q&A addresses email with patients
    • Checklists

    ADVANCED:
    Toolkit on 45 implementation specifications
  • Step 6: Reduce Risks of a Breach +

    What's Inside:
    • Overview of expectations
    • Annual Work Plan Template
  • Step 7: Train the Team +

    What's Inside:
    • Form for reporting breach notification
    • Links to details on the notification process and what constitutes a breach.
    • Suite of Training Materials
  • Step 8: Customize Privacy Notices +

    What's Inside:
    FOR ALL:
    • Privacy notice templates to help achieve meaningful consent, in English & Spanish.

    INTRODUCTORY:
    • Professionals' guide covering 2013 updates on communications.

    ADVANCED:
    • Electronic toolkit with patient education and meaningful consent sample materials.
  • Step 9: Execute Business Associate Agreements +

    What's Inside:
    • Sample Business Associate Agreement (BAA) provisions
    • Suite of BA Management Tools
  • Step 10: Verify Compliance with HIPAA +

    What's Inside:
    INTRODUCTORY:
    • Tip sheets
    • Short videos
    • Overviews

    ADVANCED:
    • 94-page guide on the EHR incentive program
    • Beginners' toolkit on reporting to the government

    All from federal sources.
  • 1

Login

Member Access