The OP Review November 2005 - Ohio Psychological Association
The OP Review November 2005 - Ohio Psychological Association
The OP Review November 2005 - Ohio Psychological Association
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
This section is particularly helpful for<br />
“addressable specifications,” which you<br />
may choose not to implement but must<br />
explain why. And, especially for small<br />
practices, there is serviceable suggested<br />
language that can be cut and pasted into<br />
your own final documentation.<br />
After completing the (many) iterations<br />
of risk analysis/option<br />
selection/documentation for each<br />
standard and implementation<br />
specification, you will be tired.<br />
However, relief comes in reviewing the<br />
draft policies and procedures document<br />
which has been compiled automatically<br />
in the workbook’s background as you<br />
have been laboring on the earlier<br />
sections. This does need to be edited<br />
before being downloaded in a printable<br />
and electronically storable PDF format.<br />
As such it is your principal<br />
documentation for compliance.<br />
<strong>The</strong> Workbook also has a score of other<br />
labor saving features, including a set<br />
of compliance resources such as business<br />
associate contracts, Security Rule<br />
documents (e.g., security logs and<br />
reporting forms), technical resource<br />
guides for securing computers, and<br />
sample emergency operations and<br />
disaster recovery plans.<br />
Summing up<br />
Compliance with the Security Rule is<br />
like Edison’s take on invention. It’s 99<br />
percent perspiration, and that’s especially<br />
so if you have a trusted computer<br />
consultant to answer the pesky questions<br />
unique to your practice. <strong>The</strong> best thing<br />
about the Practice Organization’s<br />
Workbook is that it nearly eliminates the<br />
need for that inspiration part. Having<br />
struggled for months to understand and<br />
eventually to teach HIPAA Security, it<br />
was a great relief for me to realize, as I<br />
perspired through the workbook’s online<br />
exercises, that I did not have to continue<br />
any more of that squirrel cage activity of<br />
trying to figure out just exactly how to<br />
organize my compliance task. That was<br />
all done for me by the structure of the<br />
Workbook—especially its step-wise risk<br />
analyses and its compliance options<br />
for each standard. I could now just<br />
relax and mindlessly follow the path<br />
they laid out.<br />
In the process, I was surprised by<br />
several dangers posed by the Workbook’s<br />
risk analysis sections that I had not<br />
previously entertained. I can guarantee<br />
you will discover some angles you had<br />
not anticipated.<br />
And perspiration Even just cutting,<br />
pasting, and lightly editing the suggested<br />
language into the little text boxes that<br />
eventually become your PDF<br />
documentation file for the 18 standards<br />
and 34 implementation specifications is<br />
a lot of work. But to repeat, outside of<br />
the process steps and documentation<br />
requirements, the actual action steps to<br />
secure EPHI are neither complicated,<br />
expensive, nor terribly time consuming.<br />
Reprinted from “<strong>The</strong> North Carolina<br />
Psychologist” (May-June <strong>2005</strong>) with<br />
permission from the North Carolina<br />
<strong>Psychological</strong> <strong>Association</strong> and Dr.<br />
Charles Cooper. Copyright <strong>2005</strong> NCPA.<br />
<strong>OP</strong>A REVIEW 11