To-Do Checklist for Internal HIPAA Compliance Officers

A HIPAA Compliance Officer is essential in making sure your compliance plan is being carried out throughout the organization. Many organizations have a compliance officer or a compliance committee to handle these responsibilities. There are a number of duties attached to this position that weigh heavily on whether or not your organization meets the criteria under the HIPAA laws and regulations. The compliance team or officer should be certified by the AAPC or Health Care Compliance Association so that your organization can confidently move forward.

Duties of an Internal Compliance Officer or Committee

There are a number of elements involved in this position, and having an outline of the duties that must be carried out is key. The compliance officer(s) must start with:

  • Performance of a baseline assessment.
  • Drafting of formal compliance program documents.
  • Review of all relevant documentation and coordination of an organization-wide audit.
  • Review of all current areas of noncompliance.
  • Distribution of documentation compiled for the compliance plan.

After the initial coordination and distribution, the plan must be reviewed and updated on a consistent basis to ensure all employees are well trained and internal protocols are met. This checklist outlines additional compliance duties:

  • Development, coordination and training of all employees and members of the organization. The initial training must be comprehensive and cover the entire corporate compliance plan.
  • Performing audits of the training records to be maintained by the organization.
  • Reviewing all independent contractor agreements to ensure compliance is being met and all laws are followed.
  • Coordination and screening of all employees, independent contractors and other agents of the organization, doing thorough checks to make sure all contractors are operating within their scope and guidelines. Every effort must be made to check with the U.S. Government Accountability Office and the cumulative sanction report to make sure no contractors or agents are debarred.
  • Conducting audits both internally and externally to make sure all compliance efforts are strictly adhered to. Every department within the organization must be examined, including all administrative areas and laboratories that are regulated under HIPAA and OSHA guidelines. This includes the coordination, training and auditing of all compliance manuals.
  • Development of policies and programs when noncompliance issues need to be reported. A reporting system must be in place that all employees and agents are aware of to notify the compliance officer or team when noncompliance issues are brought to light.
  • Coordination of any investigations that highlight deficiencies in the current reporting system or any deficiencies that are identified through periodic assessments of the plan and internal compliance.
  • Coordination of any actions taken to correct noncompliance issues that have been identified.
  • Maintaining all necessary files related to the compliance plan. Every component must be documented, in addition to all training schedules, a listing of all employees who have been trained, reports of screenings, reports of noncompliance, investigations and corrective actions.
  • Reporting to the board of directors on the progression of the initial implementation of the plan.
  • Developing a working budget to accommodate all training needs and compliance duties.

This outline of duties and checklist should keep your compliance officer and management on track in keeping your organization in compliance. Every effort should be made to have a compliance officer in place to meet the specific goals and requirements of the compliance plan.