You may wonder whether HIPAA allows your organization to engage in texting with your patients/clients and/or within your organization. HIPAA, of course, does not mention texting, so you will need to include it in your Risk Analysis or the update of your Risk Analysis, which HIPAA does require. If you are already using texting in your organization in any capacity, have you completed/updated your Risk Analysis of it? Do you have a policy in place regarding texting? Have you trained your workforce on it? Do you enforce it? Do you have your patients/clients sign a texting informed consent and user agreement? Do you have written documentation of anything and everything in this paragraph that applies to your organization? Do you know where your written documentation of HIPAA compliance is right now? What if you had to produce it and hand it to someone from DHHS in, say, an investigation tomorrow?
If you are now in a panic because you don’t have all of the above for texting or much of anything else, Jon Tomes has your six (back), as he would have said before he retired from the U.S. Army. With that thought in mind, I’ll start at the end of the paragraph above and let you know what you need and where to find it. And yes, I will be trying to sell you things. I apologize, especially at this time of year with what feels like 29,000 new sales emails in my inbox every day since before Thanksgiving, but we need to be able to stay in business so that we can keep this free blog free for you, among other things. So here goes.
First, the best place, in my opinion, for you to keep your written documentation of HIPAA compliance is in Jon’s Your Happy HIPAA Book, which is included in Jon’s HIPAA Compliance Library. The three-ring binder has tabs, an intro by Jon for each tab on what you should put there, and a checklist to make it easier for you to remember where you left off the last time that you were working on it.
Second, if you need HIPAA training for your workforce, which includes not only clinicians and staff but also volunteers and students, you can use Jon’s Basic HIPAA Training Video and Workbook, 6th edition, which are included in Jon’s HIPAA Compliance Library, or the online version. The workbook has a little quiz at the back for each workforce member to take and for you to keep in Your Happy HIPAA Book as written documentation for having complied with HIPAA’s training requirement. If you are looking for more advanced training on specific areas of HIPAA, you may be interested in registering for webinars that both Jon and I present for MentorHealth and soon will also be presenting for Online Compliance Panel. I try to keep the list current on our website. Jon’s next webinar will be this coming Thursday, December 15, 2016, at noon Central time. This 90-minute webinar for MentorHealth will be on the topic “How to Handle HIPAA Security Incidents, Breaches, Complaints, and Investigations.” If you can’t make Jon’s webinar, you could order the recording of it, or you could read Jon’s How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know, 2nd edition, which is included in Jon’s HIPAA Compliance Library.
Third, if you have completed/updated your Risk Analysis, as required under HIPAA, and are ready to draft and implement the policies and procedures that you have identified that you need but don’t know where to start to do so, we invite you to consider using Jon’s The Complete HIPAA Policies and Procedures Guide, with accompanying CD of 60+ editable sample policies in Word®. Most of those policies are also available on Jon’s HIPAA Documents Resource Center CD, 6th edition, which accompanies Jon’s The Compliance Guide to HIPAA and the DHHS Regulations, 6th edition, both of which are also included in Jon’s HIPAA Compliance Library.
Fourth, if you have not yet completed your first Risk Analysis or you would like guidance on how to update your current one, please consider using Jon’s Risk Analysis ToolKit, which is available on Jon’s HIPAA Documents Resource Center CD, 6th edition, which is part of Jon’s HIPAA Compliance Library. Or if you want Jon’s review of your Risk Analysis, buy Jon’s online version of his Risk Analysis ToolKit, which will include his written review of your Risk Analysis and a follow-up phone conference with Jon for him to answer any lingering questions that you may have about it.
Fifth, you may want to start the entire process by completing Jon’s Gap Analysis Survey Questionnaire, which is available on Jon’s HIPAA Documents Resource Center CD, 6th edition, which is part of Jon’s HIPAA Compliance Library. Or if you want Jon’s review of your Gap Analysis, buy Jon’s online version of his Gap Analysis, which will include his written review of your Gap Analysis and a follow-up phone conference with Jon for him to answer any lingering questions that you may have about it. To be clear, HIPAA does not require a Gap Analysis, as it does a written Risk Analysis, but many of our HIPAA clients find it easier to bridge the gap from where they are to where they need to be in terms of HIPAA compliance if they first use Jon’s Gap Analysis to figure out where they are.
Sixth, if you use texting in your organization and want an informed consent for your patients/clients to sign, Jon has drafted a template for you to use. His new sample Texting Informed Consent and User Agreement is now available for you in the Premium Member section of our website. His revised sample Text Messaging Policy is also available there now for you. For your convenience, Jon’s Texting Informed Consent and User Agreement is available both as a stand-alone document, in case that version is all that you need, and as an appendix to Jon’s Text Messaging Policy. A one-year subscription to the Premium Member section is included in Jon’s HIPAA Compliance Library. If you are having trouble logging in or want to renew your subscription, please email me at alice@veteranspress.com, and I will pass your request on to our IT/order department so that they can work with you directly to resolve your issue.
Jon and I see our job as CYA for you—that’s cover your assets, in case you were not familiar with this use of the acronym. We want to help you achieve and maintain HIPAA compliance so that you can avoid that free trip to Leavenworth for HIPAA criminal violations and that expensive trip to the bank for HIPAA civil sanctions.