Behavioral and MR/DD providers operate in a heavily regulated environment. For example, one recent client was a dual-certified ODMH / ODADAS agency. Consequently, they are required to comply with ODMH and ODADAS regulations specified in the Ohio Revised Code and Ohio Administrative Code, and with federal regulations including HIPAA Privacy, HIPAA Security, and 42 CFR Part 2. Unfortunately, because of preemption, these overlapping regulations interact in complex ways. This agency received extensive materials at a county board-sponsored seminar, but the materials were of little real help because the “boilerplate” policies for HIPAA ignored extensive state law. Many other agencies are in the same position. Even worse, some agencies believe that they are in compliance but in fact are severely deficient.
Eagle Consulting is a specialist in the federal HIPAA regulations, and has trained and consulted with county boards and agencies regulated by ODMH, ODADAS, and ODMR/DD. The following services are available:
HIPAA and state law Privacy Compliance
Eagle has developed a comprehensive methodology for these engagements. For example, Eagle’s HIPAA Privacy methodology uses a 32-step process. The specific methodology varies for HIPAA Security, Privacy, and Transactions compliance. Some of the methodology elements for these engagements include:
On-site assessment of facilities and practices
Computer Security Risk Assessment
Policy and procedure audit
Inventory of information systems and outside connections
Inventory of paper, verbal, and electronic protected health information
Identification of relevant state and federal laws which interact with HIPAA
Policy and procedure development
Implementation of policy and procedure manual on company intranet
Creation of remediation plan for computer and physical facilities
Staff training
Post-implementation audit
Agencies experience a number of benefits:
Streamlined Accreditation. Periodic state accreditation reviews are typically a stressful undertaking. Eagle's services, prior to or as part of a corrective action plan, can reduce the burden associated with this process.
Reduced liability. Agencies that fail to comply expose themselves to monetary penalties from state and federal agencies, loss of licensure, or even jail time.
Reduced risk of computer failure. Last year, a survey by a leading computer security consultant revealed a 13% increase in computer system “disasters” resulting from malicious software. Appropriate computer security makes good business sense.
Improved client confidentiality. Most agencies have longstanding policies for patient confidentiality. In spite of this, recent engagements have resulted in improvements in confidentiality, such as implementing low-cost approaches to improve sound privacy in treatment rooms.
Eagle Consulting Partners has completed a wide variety of engagements. The following examples highlight the diverse scope and breadth of Eagle Consulting Partners' capabilities: