
Compliance Pack

Ensure your practice is compliant with this exclusive AADA pack covering HIPAA, HITECH, and CLIA, and learn how to avoid and reduce billing fraud. Plus, get access to a ton of handy checklists, tip sheets and much more!

Not available online
This product is currently not sold online. To order please call 866.503.7546.

  • Overview

    In this comprehensive Compliance Pack, you will receive guidance on how to ensure your practice is compliant by understanding and implementing HIPAA and HITECH, and learn how to get ready for an inspection and how to avoid and reduce potential billing fraud.

    Get access to customizable templates including model policies and procedures, sample model contracts and cost-revenue models!
    Compliance Pack Includes:

    •  A Guide to HIPAA and HITECH for Dermatology Manual
    • Clinical Laboratory Improvement Amendments (CLIA) for Dermatology Manual
    • Maintaining Compliance in Dermatology: Safeguarding Against Legal and Financial Risk Manual
  • Guide to HIPAA and HITECH Table of Contents
    1. PART 1: Step-By-Step Guide to the Privacy Rule
      • STEP 1: Read the Overview of the Privacy Rule
      • STEP 2: Select a Privacy Officer
      • STEP 3: Review and Implement Privacy Officer Responsibilities
        • Exhibit P1: Privacy Officer Job Responsibilities
      • STEP 4: Conduct a Walk-Through of the Practice to Identify Privacy Risk Areas
        • Exhibit P2: Internal Privacy Checklist
      • STEP 5: Implement a Notice of Privacy Practices
        • Exhibit P3: Notice of Privacy Practices
      • STEP 6: Implement a Written Acknowledgement Process
        • Exhibit P4: Receipt of Notice of Privacy Practices Written Acknowledgement Form
      • STEP 7: Implement Privacy Policies and Procedures
        • Exhibit P5: Sample Privacy Policies and Procedures
      • STEP 8: Implement a Patient Authorization Form
        • Exhibit P6: Patient Authorization for Practice to Release Protected Health Information
        • Exhibit P7: Illustrations of Situations Requiring/Not Requiring Authorization
      • STEP 9: Implement a Form Requesting Restrictions on Uses and Disclosures of PHI
      • STEP 9A: Receipt of Requests for Confidential Communications of PHI
        • Exhibit P8: Request for Limitations and Restrictions of Protected Health Information (PHI)
      • STEP 10: Implement a Form to Inspect and Copy PHI
        • Exhibit P9: Request to Inspect and Copy Protected Health Information
      • STEP 11: Implement Access Denial Form
        • Exhibit P10: Patient Denial Letter
      • STEP 12: Implement a Form to Amend PHI
        • Exhibit P11: Request for Correction/Amendment of Protected Health Information
      • STEP 13: Implement a Form to Receive an Accounting of Certain Disclosures of PHI for Non-TPO Purposes
        • Exhibit P12: Request for an Accounting of Certain Disclosures of Protected Health Information
      • STEP 14: Implement a Log to Track Disclosures of PHI
        • Exhibit P13: Log to Track Disclosures of Protected Health Information (PHI)
      • STEP 15: Implement Patient Complaint Forms
        • Exhibit P14: Patient Complaint Form
      • STEP 16: Determine Who Can Use and Disclose PHI
      • STEP 17: Update or Develop Job Descriptions with Respect to PHI Use and Disclosure
      • STEP 18: Develop a List of Your Business Associates
        • Exhibit P15: Listing of Typical Business Associates In Terms of the Privacy Rule
        • Exhibit P16: A Medical Practice Guide for the Privacy Officer to Identify Business Associates
      • STEP 19: Implement Business Associate Agreements
        • Exhibit P17: Business Associate Agreement
      • STEP 20: Train All Physicians and Staff on Privacy Policies and Notice of Privacy Practices
        • Exhibit P18: Privacy Policy Training Checklist
      • STEP 21: Document Physician and Staff Training for Privacy Rule
        • Exhibit P19: Training Documentation Form for Privacy Rule
      • STEP 22: Document Physician and Staff Training for Privacy Rule
        • Exhibit P20: Workforce Confidentiality Agreement
      • STEP 23: Monitor Compliance with the Privacy Rule
        • Exhibit P21: Privacy Officer’s Incident Event Log
      • STEP 24: Breach Notification Requirements
        • Exhibit P22: Breach Notification Policy
        • Exhibit P23: Breach Notification Letter
        • Exhibit P24: Breach Notification Log
        • Exhibit P25: Model Opt-Out Language
    2. PART 2: Step-By-Step Guide to the Security Rule
      • STEP 1: Read the Overview of the Security Rule
      • STEP 2: Appoint a Security Official/Prepare & Implement Job Responsibilities
        •  Exhibit S1: Security Official Job Responsibilities
      • STEP 3: Perform a Risk Analysis
        • Exhibit S2: HIPAA Security Rule Standards Matrix and Risk Analysis
      • STEP 4: Determine if Computer System is Capable of Providing Electronic/Audit Trails; Implement Audit Control Policies & Procedures
        • Exhibit S3: Sample Audit Trails Policy and Procedures
        • Exhibit S4: Sample Event Record
      • STEP 5: Develop Workforce Clearance Procedures and Means of Implementing Clearance Requirements for Employees who Access EPHI
      • STEP 6: Design and Implement User Identification and Authentication Policies and Procedures for Electronic Information Systems
        • Exhibit S5: Security Official Job Responsibilities
      • STEP 7: Implement Automatic Log-Off Processes
      • STEP 8: Implement Transmission Security/Encryption Technology
      • STEP 9: Install Protection from Malicious Software; Report Security Incidents
        • Exhibit S6: Sample Anti-Virus Policies and Procedures
        • Exhibit S7: Security Incident Report
      • STEP 10: Implement Firewall Technology
      • STEP 11: Review and Implement Computer Backup Policies and Procedures
        • Exhibit S8: Sample Backup Policy and Procedures
      • STEP 12: Develop Security Incident Policies and Procedures
        • Exhibit S9: Sample Security Incident Policy and Procedures
        • Exhibit S10: Sample Security Incident Log
      • STEP 13: Implement Facility Maintenance Log
        • Exhibit S11: Facility Maintenance Log
      • STEP 14: Develop Facility Security and Contingency Plans
        • Exhibit S12: Sample Contingency Policy and Procedure
        • Exhibit S13: Contingency Plan Steps
      • STEP 15: Develop a List of Business Associates and Implement Agreements
        • Exhibit S14: Listing of Typical Business Associates In Terms of the Security Rule
        • Exhibit S15: A Medical Practice Guide for the Security Official to Identify Business Associates that Access PHI
      • STEP 16: Create Computer Workstation Use Policies and Procedures
        • Exhibit S16: Sample Policy and Procedures on Workstation Use
      • STEP 17: Document and Train All Physicians and Staff on the Security Policies and Procedures
        • Exhibit S17: Security Policy Training Checklist
        • Exhibit S18: Training Documentation Form For Security Rule
      • STEP 18: Obtain Signed Workforce Confidentiality Agreements from All Physicians and Staff
      • STEP 19: Monitor Compliance with the Security Rule
      • STEP 20: Evaluate All Policies and Procedures Periodically
      • STEP 21: Create Workforce Termination Procedures
        • Exhibit S19: Sample Workforce Termination Procedures
        • Exhibit S20: Workforce Termination Checklist
      • STEP 22: Create Workforce Termination Procedures
        • Exhibit S21: Sample Sanction Policy
    3. Appendix 1: Frequently Asked Questions
    4. Appendix 2: HIPAA Resources
    5. Appendix 3: Facsimile Transmittal
    6. Appendix 4: Forms Checklist
    7. Appendix 5: Patient Consent Form (OPTIONAL)
    8. Appendix 6: Patient Consent for Use and Disclosure of Protected Health Information (OPTIONAL)
    9. Appendix 7: Determine Whether Your Practice Uses and Discloses PHI for Research Purposes
    10. Appendix 8: Implement a Data Use Agreement
    11. Appendix 9: Determine Whether Your Practice Participates in an Organized Health Care Arrangement (OHCA)
    12. Appendix 10: Addressable Specifications
    13. Appendix 11: Security Standard Scalability Example
    14. Glossary
  • CLIA & Maintaining Compliance Table of Contents
    1. Introduction
      • Clinical Laboratory Improvement Amendments (CLIA)
        • How to Use This Manual
    2. I. Section I
      • Regulatory Overview
        • CLIA Regulations Related to Quality Assessment
        • CLIA Regulations Related to Quality Control
        • CLIA Regulations Related to Proficiency Testing
        • CLIA Regulations Related to Patient Test Management
    3. II. Section II
      • Laboratory Classifications
        • Exhibit I: CLIA Application for Certification
    4. III. Section III
      • Laboratory Procedure Manual
        • Introduction
        • Model Laboratory Procedure Manual for Dermatology Practices
        • Form 1: Microscope Use Protocol
        • Form 2: Microscope Maintenance Record
        • Form 2: Microscope Maintenance Record (Example)
        • Form 3: Cryostat and Microtome Use Protocol
        • Form 4: Cryostat / Microtome Maintenance Record
        • Form 4: Cryostat / Microtome Maintenance Record (Example)
        • Form 5: Refrigerator Use Protocol
        • Form 6: Refrigerator Maintenance Record
        • Form 6: Refrigerator Maintenance Record (Example)
        • Form 7: Fume Hood Use Protocol
        • Form 8: Fume Hood Maintenance Record
        • Form 8: Fume Hood Maintenance Record (Example)
        • Form 9: Thermostat-Controlled Water Bath Use Protocol
        • Form 10: Water Bath Maintenance Record
        • Form 10: Water Bath Maintenance Record (Example)
        • Form 11: Drying / Microwave Oven Use Protocol
        • Form 12: Drying / Microwave Oven Maintenance Record
        • Form 12: Drying / Microwave Oven Maintenance Record (Example)
        • Form 13: Thermostat-Controlled Paraffin Embedding Station / Automated Stainer / Automated Fixation, Dehydration, and Paraffin Embedding Processor Use Protocol
        • Form 14: Thermostat-Controlled Paraffin Embedding Station / Automated Stainer / Automated Fixation, Dehydration, and Paraffin Embedding Processor Maintenance Record
        • Form 14: Thermostat-Controlled Paraffin Embedding Station / Automated Stainer / Automated Fixation, Dehydration, and Paraffin Embedding Processor Maintenance Record (Example)
        • Form 15: pH Meter Use Protocol
        • Form 16: pH Meter Maintenance and Calibration Record
        • Form 16: pH Meter Maintenance and Calibration Record (Example)
        • Form 17: Repair and Service Companies — Laboratory Equipment
        • Form 18: Room and Temperature Log Sheet
        • Form 18: Room and Temperature Log Sheet (Example)
        • Procedure and Form 1: Ectoparasites
        • Procedure and Form 2: Potassium Hydroxide (KOH) Examination of Skin, Hair, or Nails
        • Procedure and Form 3: Vaginal Wet Preparation/Potassium Hydroxide (KOH) Examination
        • Procedure and Form 4: Tzanck (Cytodiagnostic) Smear
        • Procedure and Form 5: Fungal Culture/Dermatophyte Test Medium (DTM)
        • Procedure and Form 6: Staining Procedures
        • Procedure and Form 7: Cytodiagnosis of Molluscum Contagiosum
        • Procedure and Form 8: Microscopic Hair Shaft Evaluation
        • Procedure and Form 9: Histopathology
        • Procedure and Form 10: Histopathology — Mohs Surgery
    5. IV. Section IV
      • Quality Assessment Manual
        • Model Quality Assessment Plan
        • General Laboratory Quality Systems
        • Confidentiality Of Patient Information
        • Specimen Identification And Integrity
        • Complaint Investigation
        • Communications
        • Personnel Competency Assessment
        • Proficiency Testing Policy
        • Safety
        • Preanalytic Quality Systems
        • Test Request
        • Specimen Collection, Submission, Handling, And Referral
        • Analytic Systems
        • Procedure Manual
        • Test Systems
        • Environment, Instruments, Reagents, Materials, And Supplies
        • Performance Specifications
        • Maintenance And Function Checks
        • Calibration/Calibration Verification
        • Quality Control
        • Comparison Of Test Results
        • Corrective Actions
        • Test Records
        • Postanalytical Systems
        • Test Reports
        • Normal Values
        • Alert Values
        • Error Report
        • Electronic Systems
        • American Academy of Dermatology
    6. V. Section V
      • Proficiency Testing
    7. VI. Section VI
      • The Inspection Process
        • Preparing for and Responding to a Laboratory Survey
        • Part 1: Preparing for a Laboratory Survey
        • Part 2: Responding to a Laboratory Survey
    8. VII. Section VII
      • Training Materials for Staff


    1. Introduction
    2. Compliance Manual A Guide for Dermatology Practices
      • An OIG Compliance Glossary: Abbreviations and Definitions
      • OIG Compliance vs. HIPAA Compliance
      • Office of the Inspector General (OIG) Compliance — Voluntary
      • HIPAA Privacy and Security Compliance — Mandatory
    3. Exhibit 1 Some Questions Compliance Professionals Should Ask as They Prepare for Health Care Reform
    4. Exhibit 2 Understanding Program Exclusions
    5. Exhibit 3 Commonly Used Anti-Kickback Statute Safe Harbors
    6. Exhibit 4 Physician Self-Referral Law (42 U.S.C. § 1395NN): Commonly Used Physician Self-Referral Law Exceptions
    7. Exhibit 5 Physician Self-Referral Law (42 U.S.C. § 1395NN): 
    8. Three Questions to Ask When Analyzing the Physician Self-Referral Law 
    9. Stark Law Compliance Tips
    10. Exhibit 6 Comparison Of The Anti-Kickback Statute And Stark Law
    11. Chapter 1 Why Your Practice Should Consider Implementing an OIG Compliance Program
    12. Chapter 2 Medicare Basics for Dermatology Practices — A Refresher Course
    13. Medicare Part A 
    14. Medicare Part B
    15. Medicare Part C
    16. Medicare Part D – Prescription Drug Program 
    17. Physician Participation in the Medicare Program
    18. Additional Medicare Billing Considerations
    19. Exhibit 7 Out-of-Network Waiver Form
    20. Exhibit 8 Patient Information
    21. Exhibit 9 Sample Beneficiary Letter — Nonparticipation — Elective Surgery
    22. Exhibit 10 Notice to Medicare Patients
    23. Exhibit 11 and Exhibit 12 Advance Beneficiary Notice (ABN)
    24. Exhibit 13 Notice of Noncovered Service to Managed Care Patients
    25. Exhibit 14 Medicare Patient Registration
    26. Chapter 3 Designating a Compliance Officer or Contact
    27. Exhibit 15 Compliance Leader Job Description
    28. Chapter 4 Outlining and Implementing Your OIG Compliance Plan 
      •  The Let’s Do It Schedule – Setting the Compliance Program in Motion 
      •  Effective Audits Protect Your Practice 
      •  Deciding Which Type of Audit to Do First 
      •  The Function of Monitoring and Auditing
    29. Exhibit 16 Simple Audits with Sample Surveys
    30. Exhibit 17 Operating an Effective Compliance Program
    31. Exhibit 18 Confidentiality Policy and Confidentiality Statement
    32. Exhibit 19 Sample Job Description
    33. Chapter 5 Implementing Compliance Practice Standards 
      • What’s the Difference Between a Policy and a Procedure? 
      •  Writing Procedures 
      •  Who is Going to Write the Procedure for Each Job? 
      •  Options to Procedure Writing In-House
    34. Exhibit 20 Sample Office Policy
    35. Exhibit 21 Sample Office Procedure
    36. Exhibit 22 Initials Log
    37. Exhibit 23 Refund Notice
    38. Exhibit 24 Minor Patient Registration Form
    39. Exhibit 25 Patient Demographics
    40. Exhibit 26 Fee Ticket/Encounter Form Completion
    41. Exhibit 27 Charge Entry/Claims Submission
    42. Exhibit 28 Payment Posting
    43. Exhibit 29 Appeals and Reviews
    44. Exhibit 30 Sample Appeal Letter
    45. Exhibit 31 Audit Requests
    46. Exhibit 32 Collection of Copayments, Deductibles and Balance Billing
    47. Exhibit 33 Medical Necessity
    48. Exhibit 34 Coding Documentation
    49. Chapter 6 Conducting Appropriate Compliance Training and Education 
      •  Education and Training to Achieve Compliance 
      •  Documenting Your Education and Training Efforts
    50. Exhibit 35 MEDICARE MedLearn (MLN)
    51. Exhibit 36 Record of Baseline Testing, Education, and Training
    52. Exhibit 37 Record of Review of Educational Materials
    53. Exhibit 38 In-Service Training Documentation
    54. Exhibit 39 Evaluation of Presentation
    55. Exhibit 40 Medicare Baseline Test
    56. Exhibit 41 Training Policy
    57. Chapter 7 Responding to Detected Offenses and Developing Corrective Action
      • Taking Corrective Action – The Fix It Plan 
      • Developing a Set of Monitors and Warning Indicators
    58. Exhibit 42 A Sample OIG Compliance Policy
    59. Exhibit 43 Employee Certification
    60. Exhibit 44 Compliance With HHS OIG Fraud Alerts
    61. Exhibit 45 Investigations and Corrective Actions
    62. Exhibit 46 Annual Compliance Audit
    63. Exhibit 47 Compliance Documentation
    64. Exhibit 48 Tips for Success in the OIG Self-Disclosure Protocol
    65. Chapter 8 Developing Open Lines of Communication
    66. Exhibit 49 Suspected Violation(s) Report
    67. Exhibit 50 Training Tool: Compliance is Always a Two-Way Communication
    68. Chapter 9 Enforcing Disciplinary Policy through Well-Publicized Guidelines 
      • The Enforcement Plan
    69. Exhibit 51 Counseling Conference Sheet
    70. Exhibit 52 Non-Employment of Sanctioned Individuals
    71. Exhibit 53 Employee Standards of Conduct and Disciplinary Policy and Action
    72. Chapter 10 Maintaining Your OIG Compliance Program