Specialty Medical Clinic: A HIPAA Case Project

Create a policy framework implementation plan for the fictional Specialty Medical Clinic (the plan should not be longer than two pages). The Specialty Medical Clinic is being acquired by a larger parent organization under HIPAA compliance law. The parent organization is a hierarchical structure with multiple departments and clinics. The medical clinic is a flat organization.

Publish Your Policies for the New Clinic

 Understand what is going to change

    • Organizational structure
    • Management style
    • Mandatory compliance
    • Awareness of security and its operational incorporation
    • Increase in number of policies
    • Changes to existing policies
  • Understand change is not easy
    • Communicate effectively
    • Enroll and excite employees about the change
  • Create fair roles and positions to fit into the new hierarchical structure
  • Provide raises (even if marginal) to send the message that the change is good and to be welcomed
  • Have clarity on day-to-day operations for each role – the operations should reflect the required levels of compliance and security factors
  • Communicate expectations to employees – ensure clarity and transparency
  • Seek feedback and questions – and address them in a transparent manner
  • Communicate that you trust the employees to continue to be responsible and hold themselves to personal high standards (as they did in the flat organization structure)
  • Build trust in the new system
  • Have team building exercises to help new organization subunits to work in synergy
  • Reward proactive employees who champion the change and integration

Communicate Your Policies to the New Clinic Employees

  • In person meetings with the whole organization to communicate the changes coming and why it’s a good thing
  • Invite questions, expression of reservations, fears, and doubts
  • Communicate the timeline of integration
  • Emails about the parent company ethics, press releases etc.
  • One to one meetings the employees of the flat organization
  • Security and compliance awareness tools using multimedia, games, apps, quizzes etc.
  • Setting up a presentation with an auditor/compliance officer/lawyer to explain the seriousness of HIPPA and to field employee questions
  • Weekly blog posts and monthly newsletters can all be part of the security awareness and communication campaign

Fun, colorful, witty posters about the changes coming and the compliance needed

Involve Human Resources and Executive Management

  • HR and the Executive Management should be major stakeholders of the exercise of the smooth transition
  • Making decisions on new policies raises, communication campaigns, all require managerial buy-in and HR team involvement and input for successful implementation
  • The Human Resource team can be particularly helpful in inviting conversations, expelling fears, answering questions, and asking for feedback and play a vital role in the transition.