
Empowering Women in Chiropractic - Responsibilities of a HIPAA Compliance Officer

Jan 12, 2026

Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors.  We suggest you watch the video while reading the transcript.

Hi everybody. I am Dr. Julie McLaughlin with Fearless Chiropractor, and I am here today with the thanks of ChiroSecure. We're gonna be talking about your HIPAA compliance officer in your office: what their responsibilities are, what their roles are, and why it's important to have one. So I.

So again, thank you ChiroSecure for always giving us these really great educational webinars, not only here on HIPAA, but for every other topic. If you haven't checked them out, be sure to check 'em out. They're on YouTube and Facebook, everywhere, because they're really beneficial and they're from people who are in the profession who know what's going on.


So today we're gonna be talking about who's leading the charge in your office, who is your compliance officer, your HIPAA compliance officer, and what are the responsibilities, right? We're here to help you protect your practice and empower your team. But so is your HIPAA compliance officer, so I wanna make sure you have one, and that they're doing the things that need to be done to help you maintain compliance.

So why am I even on here talking? I know you've seen me doing things on functional medicine and empowering women and all kinds of different things, but I teamed up with my partner, Dr. Perry Barnhill. And after years and years of practice, we decided we need to help our friends. We need to help our friends in the profession to make sure no one's getting waxed from HIPAA, from the feds, because this stuff is serious.


It's a real thing. And none of us went to school for this. Nobody. As chiropractors, we didn't even have business schools, so let alone HIPAA training, and it changes. It changes on a daily basis, a monthly basis, a yearly basis, and it changes one thing and it changes back. So we're here to help you stay compliant and up to date.

So compliance isn't a checklist, it's a commitment. It really is. I know you download our checklist, but if you are not doing what you need to do, then you're not gonna be compliant. So you need to commit to being compliant in your office, and you need to commit to having a HIPAA compliance officer that you choose in your office to help you with that commitment, because the truth is the HIPAA fines can exceed millions of dollars per year for violations.

80% of the penalties lack from oversight. We don't want you to have that. So if you can prevent 80% of the penalties by having oversight, by having a good HIPAA compliance officer, I want you to do that. That's a super important thing. 'Cause without leadership, everyone assumes someone else is handling it.

And the truth of the matter is when you do that and you don't specifically appoint someone, no one's handling it because they think, oh, that person over there is handling it. That person over there is handling it. It's not my job, and that's not gonna work. So the OCR shows that over 60% of small healthcare providers identify HIPAA compliance as a major challenge.

That's no surprise to us. It's a major challenge, right? It's a major challenge just to be able to even start your HIPAA manual, start being HIPAA compliant, let alone keeping up with the things that you need to do on a daily basis and weekly basis, monthly basis when it comes to HIPAA.

So your core purpose of your HIPAA compliance officer is that they're the guardian of your patient's trust, right? They are gonna ensure that your patients trust your office to keep their information safe. They're going to ensure that your privacy and your security rules are followed, 'cause that's what's gonna make you compliant.

They're gonna build real world systems to protect your PHI, monthly HIPAA training for your team to stay compliant. Because if they're the only one in the office that knows what's going on and you don't train the rest of your team, I promise you, they're gonna inadvertently expose PHI and confidential information, not even knowingly.

So you have to keep people educated and trained. They're also gonna serve as a point of contact for all things HIPAA. God forbid, knock on wood, that you got audited or you had a breach, and who are they gonna contact? They're gonna contact that HIPAA compliance officer because they're gonna be up on everything that you have done and you need to do.

So their key responsibilities are they're going to develop and maintain policies and procedures for you. They're going to conduct annual and regular risk assessments. This is a huge one. This is one of the first things when the feds are coming in, they wanna see your risk assessments and your security risk assessments and the things that you've done to maintain that security of the PHI.

They're gonna oversee that monthly employee training and documentation, manage breach investigations and incidences and response. We all think these breaches aren't gonna happen to us, but I can tell you after talking to lots and lots of docs in this profession, it does happen to us. The compliance officer is gonna maintain audit logs and compliance records, just like our notes.

If you don't write it down, it didn't happen. You could see patients all day long, but if you don't have notes and records to record what you did, you are not gonna be able to bill. You're gonna be in big trouble if you had malpractice and you're not gonna be able to get covered by insurance. That's the same thing with this. Even if you're doing everything right with HIPAA, but you don't write it down and log it, that you've done it and what you've done and what you've corrected and what you need to correct, it doesn't exist.

And the feds, they don't care. Ignorance is no excuse for them. Just like with taxes. So we want you to have a person that has a leadership mindset. It's not about policing, it's about leading people. Lead by influence and knowledge, not fear. Teach 'em what they need to do. Make it fun. Make it like a little game.

What are the 18 types of PHI? And have everybody write it down. See who can get the most or who can get all of 'em. And then the ones they miss, make sure that they know. Communicate clearly consistently with patients and the team. When patients have questions about privacy and hipaa, you want somebody who can really communicate that with them so they feel comfortable and confident in your office, and someone who's gonna step up and correct a risk that they find when one's identified.

You don't want somebody who's just gonna say, everything's rosy, everything's peachy. We want somebody who's gonna really find the weak spots and fix 'em for you. If you don't even know where to start, if your HIPAA compliance officer doesn't even know where to start, this is a good place. It's the HIPAA risk score.

It's free. It's 10 questions. You are the only one who sees the results, and it just gives you a good starting point. Here's the QR code, and you can also go to [email protected]. Remember, HIPAA has two As, not two Ps, and you wanna go ahead and take it and it will give you an idea where you are, a grade letter from A to F, of how well you are doing with your HIPAA in your office and where you need to focus and work on.

But where most offices slip up, I can tell you, by assigning someone as their compliance officer by default: it's my office manager's job because their job is everything in the office. But they've never been trained to do it or they don't even know how to do it or what HIPAA is.

And sometimes they'll feel like, I'm doing a job that's not my job description or I'm not getting paid for. So you wanna make sure whoever you choose, that it is in their job description, they are being compensated to do that. You don't wanna give someone a manual that hasn't been updated in years and expect them to become current and compliant all of a sudden, because those things change rapidly.

You want someone who's able to have access to all the current things that they need to be able to do, not things that are years old. Training that happens once a year and it's quickly forgotten. So maybe you train once a year and then it's over. You check that box. Also, remember we just talked about this: no audit trail.

If you're not documenting it to prove that you're compliant, it's not happening. So these are some tools that will make your compliance more manageable. Definitely reach out to us if you have any issues and you need help, 'cause we do have a Fearless Chiropractor solution. I want you to make sure your policy and procedure manuals are editable because they do change.

You need to update them, change 'em, revise them. You want a step-by-step risk assessment template. You go through all the different items and you assess your practice for those risks. You also wanna have monthly HIPAA training for your staff. You need to keep them up to date on what they need to do, and then you need to record it in your audit logs.

You need to make sure that it's written down everything that you do to stay compliant, and you go through those checklists. You also wanna have ongoing support, someplace that you can have support, regular updates and regulation change, so you know when things change and what you need to do in your HIPAA compliance manual in order to stay up to date.

So if you need some help, you're ready to strengthen your HIPAA plan, we're here for you. Take that free HIPAA score quiz. You can schedule a demo with us and see how the Fearless Chiropractor works to support your team. And you can join our program if you're interested. If you just have questions and you wanna reach out, just know you're not alone.

Please know you're not alone. You can email us at [email protected] and you can also check out our website at betterhipaablueprint.com. And if you would like to schedule a demo, here's a QR code. It takes 15 minutes. We'll go through everything. We'll answer your questions, whatever it is that you're struggling with, or your compliance officer is struggling with, things that you need help with getting started, and that sites go dot fearless provider.com/demo.

And that's it for today, a Fearless Chiropractor. And again, I would like to thank SCU for being so awesome and sponsoring these programs and helping us all become more educated in the things we need to do in practice. I'll see you next time.
