HIPAA MMM Welcome

Welcome to HIPAA MMM Month 1. We are pleased to be able to help you keep your existing HIPAA program ‘Active & Dynamic’ and to do our best to help you meet the government guidelines.

What to expect?
You will receive a link from us monthly, approximately the 15th of each month, that contains your activities for that month. It’s as easy as 1 – 2 – 3!

1. Read the provided instructions
2. Download the included documents according to the instruction
3. Complete the assigned task, document according to the instructions and file in your HIPAA manual in a place you will remember and be able to locate if you ever need to produce them.

Instructions for the routine repeated monthly QUICK CHECK review audit

It is advised that every month you do this same QUICK CHECK audit by using the following audit tool and place any written updates in your HIPAA manual – make sure to review the QUICK CHECK every month as items are added periodically based on changes in focus and enforcement activities within the federal government:
Below are the Instruction to correspond with each item on the Monthly Audit List;
1. If yes, perform a risk analysis for that device, as you did for the devices when you prepared your original risk analysis from the Survival Kit or by copying the format for the risk analysis used in the Silver or Gold program originally provided for you (you can also use your Survival Kit as a reference/templates) Add this newly prepared document to your HIPAA manual.
2. If yes, then remember to document what you did to assure that the device had no patient health information /electronic data remaining on it (i.e. had a service clean the hard drive, destroyed the hard drive, shredded information –if paper etc., at the time of disposition).
3. If yes, remember to have them sign an employee confidentiality form and assure that you perform a full HIPAA training within 45 days of hire.(Remember; You can use this training video Annual Staff Inservice or there is an audio training in the Survival KIT that can be paired with giving your new employee a copy of your office HIPAA policies and having them sign off that they agree to read, understand and abide by those policies to satisfy this training. Don’t forget to document this in your HIPAA manual.)
4-8. Regardless of the specific customized evaluation/review/audit you will perform THIS month, due to the increase in Ransom ware, it is advised to assure and document that all patches, updates, firewalls, antivirus, malware etc. are current and installed on at least a monthly basis.
9. Again, especially due to ransom ware, the required HIPAA contingency plan, most especially focused on the area of data recovery, has become a major center of attention. One of the key components is that your backups are readily available and your data can be restored in the event of an attack on your patient data that shuts down your main computers etc.
Download Quick Audit Doc

Monthly security reminder
Instructions:
It is required, by HIPAA law, that you issue periodic security reminders to your workforce. The law does not define periodic, but an authoritative source has stated that once per month should be adequate for most physician offices.
Your monthly security reminder -for distribution to your workforce is provided-remember to document that you distributed such to all of your workforce including volunteers, part-time employees, family members who help out ‘here and there’, etc. etc. as this is a required component of the HIPAA law…” You must distribute periodic security reminders to your workforce”.
Download Security Reminder Welcome

Activity for this month:
Annual Staff In Service & Training. You are required to train your staff on an annual basis or within 45 days of hiring a new employee. You can either schedule a meeting and have all of the staff complete this training together at one time or allow them to each participate in the training individually. Download the attached document and if you’d like to use the Survival Kit as reference, this section is covered under Chapter 7 and Form #26. You may watch the provided video below or teach the training yourself using the provided outline.
Download MMM Annual Service

Staff Training Video with Full Instruction

Audio Recording of Annual Staff Training:

 

 

 

 

REMEMBER THAT ALL FORMS, SUGGESTIONS, RECOMMENDATIONS ETC., MUST BE ALTERED TO BE APPROPRIATE FOR YOUR FACILITY AS DETERMINED BY YOU.
This monthly service is offered to assist you in reaching a higher level of compliance – you will NOT necessarily be ‘compliant ‘ simply by completing and participating in these monthly activities.

WARRANTY AND DISCLAIMER STATEMENT

PRODUCT: mandatory monthly maintenance (the “Product”)
SELLER: HIPAA Compliance Services (the “Seller”)

Purchaser is referred to as “you” or the “Customer” in this statement.

No affirmation of Seller by words or action constitutes a warranty beyond that expressly stated in this statement.

DISCLAIMER OF EXPRESS WARRANTY
SELLER HAS MADE NO AFFIRMATION OF FACT OR PROMISE RELATING TO THE PRODUCT THAT HAS BECOME ANY BASIS OF THIS BARGAIN. FURTHER, SELLER HAS MADE NO AFFIRMATION OF FACT OR PROMISE RELATING TO THE PRODUCT THAT HAS CREATED OR AMOUNTED TO AN EXPRESS WARRANTY THAT THE PRODUCT WOULD CONFORM TO ANY SUCH AFFIRMATION OR PROMISE.

DISCLAIMER OF IMPLIED WARRANTY OF MERCHANTABILITY
SELLER DISCLAIMS ANY WARRANTY OF MERCHANTABILITY WITH RESPECT TO THE PRODUCT.

DISCLAIMER OF IMPLIED WARRANTY OF FITNESS
SELLER DISCLAIMS ANY WARRANTY OF FITNESS FOR ANY PARTICULAR PURPOSES WHATSOEVER WITH RESPECT TO THE PRODUCT.

DISCLAIMER OF ALL IMPLIED WARRANTIES
SELLER DISCLAIMS ANY IMPLIED WARRANTIES WITH RESPECT TO THE PRODUCT.

The exclusive remedy of the Customer with regards to the Product is the refund of monies paid by the Customer to the Seller. The Customer understands and agrees that the maximum liability of the Seller to the Customer regarding the Product and all related services, including, but not limited to, any liability or alleged liability of any owner, member, or employee of the Seller, is an amount equal to the amount paid by the Customer to the Seller for the Product. To the extent allowed by law, the customer will not be entitled to any consequential damages, including, but not limited to, personal injury damages or economic damages in excess of the purchase price of the Product. It is the intent of the parties that the remedies listed in this Statement are the sole remedies available to the Customer and not cumulative of those provided by any applicable law.

The Customer recognizes and agrees that the business and professional success and legal and administrative protection of health care providers using the Product is the result of the combination of many factors outside the control of the Seller, including, but not limited to location, facilities, equipment, staff training, personality, attitudes, concepts, procedures, protocols, strategies, techniques, weather, psychological factors, state laws and regulations, federal laws and regulations, economic fluctuations, and capital investments. Because of the complexity and interactions of these factors, the parties agree that the Customer may, at the Customer’s sole discretion, employ all, any part, or none of the materials associated with the Product. Without limiting anything else in this Statement, the Seller is not responsible for how or if the Customer chooses to implement the materials and programs associated with the Product. The Seller expressly disclaims any liability for the Customer’s use or nonuse of the Product.

The Customer acknowledges and agrees that all consulting, coaching, and materials provided by the Seller, including, but not limited to the Product, may not be suitable for use in any particular state at any given time, both now and in the future. The Customer acknowledges and accepts full responsibility for all laws, rules, and regulations to which the Customer may be subject. While the Product was produced by and on the opinions of experts in the field of HIPAA compliance, the Seller cannot guarantee or ensure your protection or compliance, as multiple interpretations exist and various degrees of importance are placed on each individual topic within thousands of pages of HIPAA-related laws, rulings, regulations, updates, and publications.

The Product may not be fully up-to-date at all times due to frequent changes in law and interpretations of those laws. Additionally, editions of the Product are updated frequently, and those updated editions are not provided as part of the purchase of the Product. It is up to you to stay current. You may contact HIPAA Compliance Services for assistance in finding an ongoing update service.

The Customer agrees and understands that the Seller owns all copyright rights related to the Product. The Customer is afforded a single license to use the Product in the Customer’s single health care practice. The Customer may not make any reprints or copies of the Product. The Customer may not use the Product to teach, consult, or train any party other than those in the direct employ of the Customer in the Customer’s health care practice. The Customer may not use the Product for any purpose other than for use in the Customer’s individual clinical setting. All copyright laws apply.