As many of you know, anyone who deals with reimbursement programs that are provided by the State operates federally under the auspices of the Department of Health and Human Services. Within this organization there are two enforcement and oversight bodies, the Office of the Inspector General(OIG) and the Office for Civil Rights(OCR). The OIG requires organizations to work with vendors and individuals who are not sanctioned or excluded from working with federal or state programs. The OCR, who oversees HIPAA compliance requirements, requires that any entity working with Protected Health Information (PHI) have proper security and risk assessment programs in place to monitor any third party handling PHI data. Failure to meet any of the OIG and OCR compliance requirements can result in huge fines, not to mention damage your hospital’s reputation.
So what can you do to build up your defenses to ensure your organization is doing all it can to protect itself from the risk associated with bringing in third-party vendors and contractors? As with all things, a strategic approach is necessary to determine the steps that need to be taken as well as to help with measuring success. The question then becomes, how do we create a winning strategy?
To begin we go back to the basics and ask ourselves: who, what, when, where, why…
Who – is responsible for managing strategy?
What – are the desired outcomes?
When – do vendors need to comply?
Where – will the information be stored?
Why – must the organization have a strategy?
Answering these questions can provide you with the foundation required to build out a strategic roadmap for protecting yourself against risk and costly fines. This includes planning out the tools and resources you’ll need to put your plan into effect—the final step, the “how” refers to how this will this be implemented. The “5 Ws and How” is a framework that has been developed to provide a definitive set of results while providing a checklist that ensures we develop the right strategy for your needs and resources.
Ready to get started? Get a more detailed look at how you can build your own strategy to avoid costly OIG and OCR fines, watch our webinar: Minimizing the Risk of Third Party Vendors and Contractors!