In our work with people with developmental disabilities, our obligations include, among other things, ensuring physical safety and abiding by the HIPAA rule. It seems that at least a few times a week there’s a news story about a shooting, a threat to a school or a healthcare setting, or a cybersecurity threat. These don’t make our obligations easy! Additionally, some insurance payers and business insurance companies have specific requirements about these areas.
As another resource, looking at the ACQ Standards, Section 4 addresses Risk Management, including HIPAA compliance and disaster planning. While ACQ provides guidelines as to what a provider should have in place, it is on the provider to write and enact policies that meet the guidelines, to optimally benefit the learners we serve. So, I started to look at policies.
While as providers and consumers of healthcare, we know about HIPAA, I was surprised how much information exists, far beyond what I learned in any of the mandatory trainings I’ve taken, and just how easy it is to have an accidental HIPAA violation.
Organizations like the American Red Cross offer disaster preparedness information sheets, but these are generic, and definitely not meant to address the specific needs of clinical settings for learners with developmental disabilities.
Our city recently offered security assessments, in which a local provider came out and walked the premises and made recommendations based on the presence or absence of equipment like security cameras and alarm systems.
I’m in the advantageous position of being the mom of a very smart IT guy with HIPAA and cybersecurity training that he got mostly to help me, but now uses to help others. What I learned from him is that I needed to do a LOT more than I thought I did. I also learned there are good cybersecurity insurance policies available. And thanks to my son, our assessor from the city told me we were one of the most secure businesses he surveyed.
I also have a friend who, among his many skills, does threat assessments and active shooter training, and happens to have knowledge of and experience with working with people with developmental disabilities. I asked him to come look at our locations and provide training for my staff. While he said his opinion was that we were not in a high threat situation, he also provided some good recommendations to improve the safety of staff and learners, and provided and informative training to the staff on what to do if a situation arose either in the clinic or while out in the community with a learner.
Obviously, these are not the only safety or IT related issues that we face as providers, just a few we’ve addressed recently (and some links to resources that might make something easier for someone else!)