Students must be equipped with the skills to navigate the digital world effectively, including using computers.
A to Z: A Compliance Dictionary
March 12, 2024 Today, we’re taking you to compliance school. Don’t worry, there won’t be a test, so no need to study! Sometimes compliance can be complicated, and with so many specific words, it’s easy to feel overwhelmed. At Abyde, we believe in simplifying compliance, so we’re kicking it back to Kindergarten – more specifically, the ABCs. Here are the ABCs of compliance – see how many you already know! Audit – An audit is an examination of how compliant your practice currently is. The random HIPAA audit program will likely resume this year. Business Associate – A Business Associate is someone who handles Protected Health Information (PHI) and performs functions on behalf of a Covered Entity (both defined on this list!). Business Associates include a variety of fields, like medical equipment manufacturers, medical marketing teams, disposal companies, and more. Covered Entity – A Covered Entity directly works with sensitive patient data. This includes healthcare providers, health plans, and clearinghouses. Disaster Recovery Plan – A Disaster Recovery Plan is a required set of procedures to handle the effects of an unexpected event. This includes identifying potential risks, like different natural disasters, and more. Electronic Protected Health Information – Electronic Protected Health Information, or ePHI for short, is any PHI that is created, received, maintained, or transmitted in electronic form. Fraud – Fraud is deception to obtain something of value. HIPAA is in place to protect patients and prevent fraud by securing patient information and if these regulations are broken, there are consequences. GDPR – The GDPR, or General Data Protection Regulation, is essentially a HIPAA equivalent for our friends across the pond, or the European Union. The GDPR includes more than just healthcare, but does define the privacy of patient records. HIPAA – HIPAA, the thing you probably have heard of at least a million times (at least I know I have), or the Health Insurance Portability and Accountability Act, signed into law in 1996, protect the privacy and security of individuals’ health information and to establish standards for the electronic exchange of health information. Incident Response – An incident response is how you handle a situation. Under HIPAA, remember to document everything and report it in a timely manner. Joint Commission – Joint Commission is an accreditation agency that evaluates healthcare organizations. Joint Commission would be considered a Business Associate if they come into contact with Protected Health Information. Know your Patient – Know Your Patient, or KYP, is a way to identify a patient before any information is shared with the wrong person. Logs – Logs are prevalent in HIPAA and OSHA, and are just documentation. This includes things like asset logs, or documentation of the items your practice has, and things like a breach log, which includes an explanation of a breach (who, what, where, when, etc.) Minimum Necessary Standard – The minimum necessary standard is the protocol that the least amount of sensitive information about a patient should be shared. Notice of Privacy Practices – The Notice of Privacy Practices is a required notice to patients on how their information will be used and shared. OSHA – OSHA, or the Occupational Safety and Health Administration, is the government agency that ensures safe and healthy working environments for workers. PHI – Protected Health Information, or PHI, is identifiable information about a patient that is created and shared by a Covered Entity or Business Associate. This includes names, social security numbers, emails, medical record numbers, and more. Quality Management – Quality Management is the constant need to improve and monitor current processes and how to optimize patient care, employee safety, and more. Overall, how you can make your organization better for all involved. Ransomware – Ransomware is a form of malware that holds data for ransom, requiring practices to pay a ransom for access to PHI. Security Rule – The Security Rule is a component of HIPAA and sets the standard for all of the necessary safeguards a practice must have in place to protect PHI. Training – Training is the continuous learning and improvement of all employees (including the owner) of compliance regulations. Update Information – Updating information is very important in compliance, ensuring all information is up-to-date about your practice is key. For instance, have employees leave? Make sure you make a note of that in your policies and roles. With the Abyde software, we do that for you! Vulnerability Assessment – A Vulnerability assessment is a way to test cyber security frameworks to ensure that your system is secure. Whistleblower – A whistleblower is someone who calls out violations of compliance. Whistleblowers are to be protected and make our healthcare systems a safer place. X-ray Safety – X-ray safety precautions are vital, like any use of equipment. For instance, make sure proper protective equipment is worn, use shielding, and be aware of the position of the device. Yearly Risk Assessment – A Yearly Risk Assessment is a thorough evaluation of your practice’s compliance. With Abyde, we ask these questions throughout the year, ensuring your practice is compliant if you’re doing the right thing! Zero tolerance – There is Zero tolerance for breaking HIPAA or OSHA legislation. Whew! This one might have been a little bit longer than our traditional ABCs, but they’re all so important to keeping our patients and staff safe. To learn how you can keep your practice or business compliant, reach out to info@abyde.com or schedule a consultation here for Covered Entities, and here for Business Associates.