Justifying Your Investment in a HIPAA Project Management
Tool
HIPAA compliance is different for each covered entity.
Those healthcare providers who have mandated HIPAA
compliance from the top down are making good progress.
The rest have mixed results. Some small physician
practices have never heard of HIPAA and would probably
spell it incorrectly.
So, we can all agree that covered entities are in
various stages of HIPAA compliance and that defining
what each covered entity must do to become compliant
is a gray area.
With that said, what must a HIPAA Project Management
Tool do to be effective for all covered entities?
For starters, it should:
- Be designed by someone who has been involved with
enterprise-wide projects like Y2K and HIPAA.
- Contain questions that have a cross-reference
to the specific standards.
- Contain explanations for each standard per the
final rule.
- Allow for input of day to day events, such as
issues, incidents, and complaints.
- Be flexible to allow for input of tasks associated
with all HIPAA standards.
- Contain a workflow design that organizes all gaps
identified during surveys, physical walk-throughs,
and issue, incident and complaint reporting.
- Provide clear workplans and budget reports prioritized
by risk.
- Provide SNAP SHOTS of where you are with HIPAA
compliance at any point in time.
- Provide year-to-year trending of your process
and gap levels so improvement and due diligence
are documented.
- Be able to provide your organization with a means
to track ongoing PHI dataflow in and out of your
organization.
- Be able to compare your actual HIPAA compliance
vs. your staff's knowledge and provide variance
reports.
- Be displayed during meetings so you can run your
meeting and update status and eliminate hard copy
notes.
- Track mitigation progress right down to who is
responsible and what the latest status is.
- Document your entire mitigation plan, target dates,
completion dates, and responsible resources.
- Provide your HIPAA executives with easy to read
SNAP SHOT graphs and drill down to details.
- Be powerful enough to be deployed across your
enterprise.
- Allow for the latest technology such as wireless
tablets for mobile input of data (e.g. during
physical security walk-throughs).
Any healthcare provider may use a tool that does
all of the above at any time, regardless of size,
and regardless of your current HIPAA compliance level
status. For example, if you have already conducted
your assessments for privacy and security you can
still benefit by implementing a tool. Why? HIPAA is
not a one-time event. There are many variables that
will change over time. Some of the variables are:
- New departments.
- New facilities.
- New software applications.
- Changes in business processes, policies, or procedures.
- Changes to the final rules.
- New PHI dataflow third parties (candidates for
business associate agreements).
- New issues.
- New incidents.
- Patient complaints.
- Ongoing audits.
- Ongoing need for Snap shots of your compliance
levels.
- Updated status.
- Life Cycle Management.
Each one of the variables listed above requires the
same thing: Ongoing assessment, potential mitigation
and budgeting, and DOCUMENTATION.
Completing your initial HIPAA assessments and implementing
mitigation measures is a great accomplishment. However,
it is only the beginning. Comprehensive HIPAA management
requires ongoing day to day documentation of all of
the events that occur for you to remain compliant.
A properly designed HIPAA project management tool
reduces administrative time and costs by automating
the process for:
- Meetings.
- Scheduling Surveys.
- Conducting Surveys.
- Conducting Annual Exams.
- Capturing PHI Dataflow.
- Assigning mitigation.
- Tracking mitigation.
- Capturing issues, incidents and complaints.
- Central documentation of all HIPAA due diligence
efforts.
- Efficient snap shot status reporting.
- Efficient budgeting and workplan development.
- Efficient year to year trending.
How much will you save by becoming more efficient
across your organization?
That depends on a number of variables that only you
know. How many employees are now involved in HIPAA?
How many employees should be involved in HIPAA in
order to attain ongoing compliance? How much does
it cost for your organization to manage HIPAA manually
or via decentralized hard copy and electronic files?
An effective HIPAA project management tool can be
easily cost justified. Your investment in a HIPAA
project management tool should pay for itself in labor
savings if it has all, or more, of the functionality
listed above. Consider the following example for a
large healthcare organization (e.g. hospital, nursing
home, multi-physician practice).
Estimated investment costs:
HIPAA Tool one-time licensing fee (per hosp) = $12,000.00
One-time implementation fee = $2,000.00
Total one-time fees = $14,000.00
Ongoing maintenance = $1000.00 / yr.
Based on the above estimates:
Year 1 average daily cost = $38.00 / day.
Year 2 and ongoing average daily cost: less than $3.00 / day.
In year one, your costs are an average of $38.00
per day. If the HIPAA project management tool saves
your privacy and security officers 15-30 minutes per
day in administrative tasks you break even. After
year one your costs are reduced to an average of $3.00
per day.
The average cost for a single practice tool is approximately
$7.00 per day in year one, and $.27 /day after year
one.
Make sure you purchase your HIPAA project management
tool from a company that has experience managing enterprise-wide
compliance projects for large healthcare organizations.
Make sure the company provides you with an efficient
way to communicate ideas, ask questions, and make
suggestions. Make sure the software is designed in
standard database engines such as MS-Access. You most
likely have and use MS-Access already.
Not too long ago it cost $100,000.00 for 16K of mainframe
memory! And big bucks for software solutions for organizational
projects such as HIPAA. Today, excellent software
solutions are available at a fraction of the cost,
and can do more than the software of old.
Finally, there is another intangible but very important
cost justification consideration. How much can you
reduce your potential negligence liability risk by
attaining a well organized centralized database tool
that documents your due diligence efforts? This may
be the greatest cost benefit of all.
Good luck on your road to HIPAA compliance, and remember
that the information you are protecting may be your
own!
Gerry Blass
President, Blass Consulting LLC
Colts Neck, NJ
www.complyassistant.com