But free wasn't the main reason that Mike Walsh, MD and Head of Compliance for Excel Anesthesia, decided to download and implement the HIPAA Book of Evidence app from the SharePoint Store. Dallas, Texas-based Excel Anesthesia is a practice of 26 anesthesiologists, none of whom work in the office. They all work in hospital operating rooms and other surgery and outpatient facilities, and are constantly on the move between locations. I had the pleasure of meeting with Dr. Walsh a few weeks ago to find out exactly why he's become such a fan of the HIPAA Book of Evidence and of Office 365 as well.
Q: Dr. Walsh, what were the big HIPAA compliance challenges that you were able to overcome with the HIPAA Book of Evidence app?
Walsh: As a small practice, our business challenges are the same as they are for every physician, medical practice, and healthcare facility: How do we implement and maintain an effective and active compliance program in a cost-efficient manner that (1) protects our interests and our patients’ interests, (2) meets all pertinent privacy and security regulations, (3) guides the administrative, physical, and technological components of the practice, and (4) is well documented. Every practice struggles with both compliance and documenting compliance. That's true for solo practitioners like myself as well as large medical group practices—and it’s a problem that will never ends because HIPAA compliance is an ongoing process. But documentation is now especially critical because we know that every practice has to be ready for a surprise audit at any time by the HHS Office for Civil Rights.
Q: What would you say are the top reasons you'd recommend the HIPAA Book of Evidence to your colleagues?
Walsh: In three words, systematic, comprehensive, and free. What I liked about the Book of Evidence when I first test-drove it was that I could see that it was built on some of the most important principles of compliance: it is systematic, it is directly based on specific HIPAA regulations, and it is comprehensive. The real key to compliance is to know what is expected and required and to systematically pursue it and document it along the way. The Book of Evidence is a tool that helps you do just that. It marches you through the vast array of requirements to make sure you don’t miss anything and, equally important, to help you document everything so that you can prove what you need to prove. I'd be surprised if many or maybe even most practices have ever experienced such a thorough and systematic tool for pursuing compliance.
Of course, it also helps that it's free. But I probably would have paid for it if it wasn't because of the high value we've realized from it.
Q: How easy or difficult was it to implement the Book of Evidence?
Walsh: Incredibly enough, the HIPAA Book of Evidence is instantly available at no charge to anyone with SharePoint 2013 or Office 365. It doesn’t get any more cost-efficient than this. Installation was easy. I just logged on to my SharePoint 2013 site, followed the instructions on how to add an app from the SharePoint Store, searched for "Book of Evidence," and clicked "Add." About three minutes later I was entering data into the tool.
I found the interface to be intuitive and easy to use. It guides you through the key questions and activities, prompting you to enter the necessary information. Despite the fact that there are 169 steps to complete in the OCR audit protocol, it walks you through each one and makes it as easy as it can get. These are the actual questions an OCR auditor would likely ask, so it really helps you ensure that your compliance efforts are comprehensive. Furthermore, it’s customizable so it can be adapted to your exact situation, which can help you make sure you’re covered on the "addressable" requirements. Most steps only take a few minutes, and at the end of the process you end up with a report that can be used to help you prioritize activities for a robust action plan.
Q: It's one thing for a practice to get started on HIPAA compliance. Nearly every practice has done that by now. But it's completely another thing to maintain the process discipline to stay in compliance and keep up with constant changes in the regulations. How does the HIPAA Book of Evidence help you maintain compliance and stay current?
Walsh: Compliance is a process, not an endpoint. It never ends. The highly complex HIPAA regulations will constantly be changing, technology changes even faster, and the practice environment will continually throw a myriad of obstacles in the way. We could devote a whole separate session to the innumerable challenges that healthcare compliance poses. The nice thing about the HIPAA Book of Evidence is that US Medical IT can easily push out an update when the law changes or when the company improves the app. And because we’re instantly notified when an upgrade is available, we can immediately upgrade our HIPAA Book of Evidence to comply with those changes. That gives us the peace of mind that we won't miss important changes in the law that could blindside us while we're all preoccupied with patient care.
Q: Do you have any additional advice for your colleagues about how to get, maintain, and document being compliant with HIPAA?
Walsh: I'd encourage every physician to pursue making their practices compliant with HIPAA and the best way to do this is to implement an active compliance program in their practices. To do this, they need to find a tool that suits them and, ideally, is customizable to their unique situation and budget.
It's also important to emphasize that tools are only tools and they require competent “hands” using them for optimal results. What we did—and what I would recommend to anyone—is combine an ideal tool like the HIPAA Book of Evidence with appropriate guidance from a qualified compliance professional. But as for the tool itself, I think the Book of Evidence breaks new ground in that it's the best compliance-enabling platform I’ve seen and will help many practices avoid reinventing the same, costly wheel.
Have a comment or opinion on this post or a question for the author? Send us an email or let us know on Facebook or via Twitter.