The complexity of the HIPAA regulations can be daunting for practices. Eagle has trained hundreds of physician practices in HIPAA compliance procedures and has consulted with numerous practices and other providers. Compliance engagements begin with an on-site assessment of the physical layout of the office, a review of existing policies and procedures and observation of actual staff practices. We then work with a designated privacy officer, usually the office manager, to customize procedures as appropriate. Corrective action involving adjustments to computer configurations, physical changes in the office, or other measures will be identified in a written remediation plan, and Eagle can assist with implementation if this plan. Comprehensive written policies and procedures are created, with attention to State law which is sometimes more stringent than HIPAA regulations. Staff can be trained on the policies.
Once policies are in place, practices may subscribe to optional update and compliance review services. On an annual basis, Eagle performs an audit of compliance with existing procedures, provides updates as appropriate based on physical or other changes in the practice, and can provide training updates to staff, especially new staff.