Compliance Measures in Hospital HR

Though it may not seem like it, a hospital’s HR department is under quite a bit of stress. Of course, they handle the things you would expect from HR: customer relationships, complaints, and so forth. But hospitals have the additional stress of complying with HIPAA. At first glance, it would seem that HIPAA regulations really only apply to IT departments in hospitals, but upon further inspection you’ll find this isn’t so. In fact, there are several areas of HIPAA the HR department is expected to oversee on its own.

Amending Business Associate Agreements and Plan Documents

To comply with the HIPAA Security Rule, health plans are required to enter into documented agreements with third-party service providers. These providers can include insurance brokers, benefits administrators, and attorneys who may use and disclose PHI on the covered individual’s behalf. In addition, HIPAA requires all plan documents to include a conclusive list of exactly who is to use this PHI and for what purposes. Generally, HR oversees these business associate negotiations as well as the compilation of these lists. It is also HR’s responsibility to ensure these documents are updated whenever necessary.

Hiring A Responsible Security Official

In compliance with HIPAA regulations, businesses are required to hire someone who will take on the responsibility of ePHI security. Ideally, this person should be someone other than the Privacy Officer selected to govern a different sector. It is HR’s responsibility to judge the candidates and select the best person for the position.

Controlling Access To ePHI

Controlling access to ePHI is probably one of the biggest and most important sections of HIPAA, and it is a top priority. IT departments are able to install fail-safes and protection programs on a technical level, but it is HR’s responsibility to choose which IT personnel have access to ePHI and to the information protecting it (such as passwords, usernames, etc.). HR also oversees the cataloging and exchange of ePHI, and governs the creation of access control lists.

Developing And Implementing Written Policies

All policy writing and the resulting implementation take place under the domain of Human Resources. Such policies include:

  • Appropriate access to ePHI.
  • Appropriate handling of terminated employees.
  • Training staff.
  • Identifying, reporting, and investigating claims of security incidents.
  • Approving penalties brought against employees for security violations.
  • Proper data disposal.

In addition, HR’s input will also be required for any administrative matters concerning these policies.

Security Awareness Training

While the IT department will be handling the substance of most training, it is HR’s responsibility to tailor that plan into something that suits the company’s unique situation. In addition, HR has a say over several other critical functions related to training, such as:

  • Identifying which employees need to undergo training.
  • Whether a new employee will be allowed to access ePHI before their training is complete.
  • The scheduling of training sessions.
  • The documentation of which employees attended those sessions.

It is also under HR’s jurisdiction to decide if any employees must undergo supplemental training in the event of an update.

Contingency Planning

It is HR’s responsibility to discuss with the IT department a plan of action in the event of an emergency. Such emergencies can include:

  • Fires
  • Floods
  • Vandalism
  • System Crashes

This plan must contain several sections covering:

  • A way to create and maintain system backups.
  • A plan for the restoration of lost data.
  • A series of policies and procedures to follow which will safeguard ePHI while still allowing access to it.

Communicating The Overall Effectiveness Of The Compliance Plan

Finally, it is up to HR to take the lead when communicating the effectiveness of any new plans or updates to the business counsel. Counsel will verify that all matters required to be attended to under HIPAA have been taken care of and documented accordingly.

With the HR department already handling so much with compliance regulations such as HIPAA, they could use some help in other areas. That’s where PeopleSoft ERP and Belmero come in. PeopleSoft can streamline many of the customer relations tasks which HR must handle already. Additionally, the experts at Belmero can ensure that the program is fine-tuned to increase productivity and positive customer experiences. This can take some of the weight off of the HR department and give them some room to breathe. If you would like to learn more about what our company can do for your hospital’s HR division with PeopleSoft software, feel free to visit our website. Additionally, if you would like to ask us a question directly, we welcome you to contact us.
