We help clients do something worth doing
Risk Management & Compliance: Doing the Right Thing
It’s not enough to just know the rules. You have to live them - operationally - every minute of the day. If you treat patients, you are a Covered Entity. That means every member of your staff must understand how to perform their jobs within the state and federal guidelines that define your medical practice.
It all starts with a Risk Assessment.
Big or small, Federal and state law require that each medical practice conduct an annual Security Risk Assessment (SRA). The purpose of the SRA is to determine and define just exactly how you will protect the Privacy and Security of your Patient’s Health Information (PHI).
An SRA looks at things like:
- What is the focus of your practice?
- How many people are involved?
- What do they do?
- How is the office laid out?
- What electronic health record tools do you use?
- What medical procedures do you provide in the office?
- What administrative guidelines to you use to define work processes?
- How do you screen and train staff?
- How to you physically protect the office and the electronic data therein?
Walking the talk.
Smart business-clinicians use risk assessments to bake compliant procedures into every patient encounter. How? By adopting plain language Policies and Procedures (P&P) that describe:
- How the practice meets the training and certification requirements for HIIPAA and CMS; and
- How clinicians and non-clinicians perform their jobs while meeting those requirements.
