Barbara Silva is the CIO for Peachtree Community Hospital in Atlanta, Georgia. As the chief information officer, it has been her duty to assemble a team of healthcare information professionals to prepare for the implementation of HIPAA Privacy Rules.
How did Barbara and her team orchestrate moving forward toward HIPAA Privacy compliance? First, she established a steering committee responsible for HIPAA Privacy planning. The committee focused on three broad areas of development, including:
- assessment; and
- development of policies and procedures.
The steering committee recognizes that the scope of this project is vast and encompasses many different areas of the facility. The scope involves not just hospital information systems, but also the operations of many departments and manual processes. These varied items are included in the scope of assessment and are found to be the biggest challenge. Developing HIPAA-compliant policies and procedures is not a one-time activity, as changes are constant. Development and continuous updating mean that this project will be an ongoing effort.
Part of Peachtree Community Hospital’s key to success has been pulling together the right combination of professionals. The result is a multidisciplinary team which will include the HIM services director and the CCO (chief compliance officer).
Barbara has gathered guidance from experts on the HIPAA Privacy Rules, who suggest that healthcare organizations consider the following steps to become compliant:
- Inventory the organization’s data as the first step in policy implementation.
- Read the Federal Register information on HIPAA.
- Focus on HIPAA as a business process issue.
- Secure the support of top management and the active involvement and participation of staff in all affected areas.
- Thoroughly review outside vendor contracts to ensure compliance with business associate agreements.
- Appoint a dedicated staff to the HIPAA privacy initiative.
Preparing for HIPAA compliance will require a complex and thorough evaluation and realignment of business and operational processes.
You have been consulted by CIO Barbara Silva as the healthcare information systems expert. You will be working directly with the director of HIM services. As a consultant, you have vast experience with HIPAA implementations. Your expertise will be required in several areas.
KEY PLAYERS
Barbara Silva, CIO
James Hall, Director of HIM Services
Mark Totten, CCO
Cynthia Wong, Corporate Attorney
YOU DECIDE
Prepare a two-page executive report for Barbara Silva, CIO, addressing the following:
Section 1: State the overview of HIPAA Privacy Rules.
Section 2: Respond to the following questions:
- Steering committee: Who would you include on the steering committee that is responsible for ongoing HIPAA privacy compliance? Who should lead this committee?
- HIPAA education: What type of ongoing education activities would you provide for the workforce of this organization to facilitate compliance with the HIPAA Privacy Rule? How would you implement these activities?
- Business associates: How would you ensure that you have identified all of the organization’s current business associates and developed business associate agreements with them?
- HIPAA compliance: What process would you use to update these policies and procedures? How frequently would you update them? How would you ensure that they continue to be valid and HIPAA compliant?