Most health care organizations are now actively interested in implementing the security and privacy measures called for by the HIPAA regulations and are wondering how to get started with this complex, long-lived, and expensive task. This document was developed to help organizations that handle PHI address the HIPAA security and privacy regulations.
Awareness is important at all levels of the organization, but at the early stages it is most essential for middle and upper management. HIPAA planning cannot move forward in any substantial way until the stakeholders of the organization are actively engaged in creating plans and organizational approaches and developing cost estimates.
HIPAA is a Compliance Issue; Treat it as One:
It is important for everyone, especially senior managers, to understand that HIPAA is a regulatory compliance project rather than simply an IT initiative. Treating it as a compliance issue is much more likely to lead to the appropriate organization, attention level, and allocation of resources. Resources need to be in the budget cycle for the upcoming fiscal year in order to meet the aggressive timeline.
Standardize your Approach:
Many of the security and privacy requirements can best be met by creating guidelines, principles, templates, and checklists that are then used consistently in each domain (e.g., system, department, division). This will save staff time by creating an efficient, consistent approach. Consistency will make the system more understandable to those who work across various domains and will make the approach more defensible to those with oversight roles (e.g., risk managers, external auditors, JCAHO).
Success Requires Cultural Change:
To run a successful HIPAA-compliant operation, most organizations will have to go through a cultural change in how they manage privacy and security until the new methods become systematic and reflexive. Responses that are not common now will need to become so for a large percentage of the workforce. Many of the HIPAA requirements point up the need for this kind of “new common sense.” Widespread cultural change requires commitment and leadership across an organization.