November 5, 2020
If you aren’t already aware of how much goes into a complete HIPAA compliance program, we’ll give you a hint – it’s a lot. How much is a lot? Estimates are that it takes the average practice (on their own) 80+ hours per year. So who do you thank for all those hours, headaches and (probably) tears? Your friendly neighborhood HIPAA Compliance Officer.
A HIPAA Compliance Officer, or HCO, is essentially responsible for ensuring your practice meets requirements outlined in HIPAA law – which is as complicated as it can get. Their role is pretty crucial to avoiding a HIPAA violation (not to mention required under HIPAA) and involves quite a list of tasks for the lucky winner of the HCO title.
HCO responsibilities include:
- Develop or maintain a HIPAA-compliant privacy program
- Enforce your organization’s privacy and security policies
- Create or review all required policies and documentation
- Stay up to date on any changes in HIPAA rules that impact practice policies
- Educate all staff on a yearly basis meeting proper HIPAA training requirements
- Conduct annual Security Risk Analyses and work to improve weaknesses or risks
- Ensure patient access rights are upheld
- Investigate and respond to HIPAA violation complaints and report HIPAA breaches if necessary
- Serve as a liaison to the Office for Civil Rights if a breach or complaint triggers an investigation
- And last but certainly not least: serve as a resource for anything and everything HIPAA within the practice
If you are a smaller practice, your practice administrator or office manager might serve as your HCO (on top of all their existing responsibilities – seriously, they must have superpowers), or if a larger organization, you may be lucky enough to have a separate compliance staff member. Regardless of how your practice operates, the HCO deserves a major round of applause for all they do to keep your practice – and patients – safe, secure and compliant.
Every great hero has a side-kick, and for your HCO a HIPAA compliance software solution is just that. Rather than manually updating each policy, creating training materials, conducting ongoing risk analyses, AND keeping up with changing HIPAA regulations, a software solution like Abyde does it all with just a few clicks – and with a lot less time and stress involved. Whether you have a software side-kick or not, making sure you have all the right pieces of the HIPAA puzzle is a crucial role for your HCO to fill.
Don’t have an HCO? Or have someone that was responsible that one time, but never actually had the opportunity to get started on HIPAA? First, figure out where your program is at by reviewing what you may be missing, then assign an HCO and get them some help to manage their new HIPAA responsibilities.