Paxson Question of the Month (Vol. 10: Where Do My Policies Belong?)
Each month, we feature a real question asked by one of your fellow ICS members through Paxson, our closed-system AI assistant built just for Illinois chiropractic physicians. Paxson provides quick, accurate, and member-directed support on a wide range of topics, from insurance issues and licensure requirements to documentation, compliance, social media posts, and more.
These featured questions offer valuable insights you can use in your own practice, and serve as a reminder that help is just a click away.
Have a question? Paxson is ready when you are at www.ilchiro.org/paxson.
Every clinic has documents that staff rely on, but not every document belongs in the same binder. This month’s Paxson Question of the Month highlights a common operational pain point for multi-provider, multi-disciplinary clinics, namely, how to keep an employee handbook focused on HR expectations while still maintaining clear, defensible operational policies and HIPAA privacy and security safeguards.
The Question (as received)
User:
“If I gave you a table of contents from my employee manual can you tell me if anything there should be in the policy and procedure or hippa manual instead?”
Assistant:
Yes, you can paste your employee manual table of contents here, and I can help you sort what’s better positioned in:
- an Employee Manual (workplace expectations, HR-type rules),
- a Policy & Procedure manual (day-to-day operational workflows and controls), and/or
- a HIPAA Privacy & Security manual (privacy, security, breach-related procedures and safeguards).
Using an OIG-style compliance structure, I’ll generally flag items for the Policy & Procedure/compliance side when they relate to things like billing, coding, sales/marketing, referrals, records retention/destruction, excluded-party screening, compliance reporting/investigations, and disciplinary/enforcement. I’ll flag items for the HIPAA manual when they involve Privacy Rule, Security Rule, safeguards for PHI/ePHI, or breach notification processes.
To make sure I categorize it correctly, when you paste the table of contents, also tell me:
- Is this for a solo practice, partnership, or multi-provider clinic?
- Do you do in-house billing/coding, or use an outside service?
- Do you have a designated Compliance Officer role (even if it’s the owner)?
Would you like me to return it as a marked-up list like: “Keep in Employee Manual” / “Move to Policies & Procedures” / “Move to HIPAA Manual”, with brief notes for each item? You can copy/paste the result into your outline.
What happened next
[Editor’s Note: Although we typically include the entire conversation, this exchange had 14 different back-and-forth discussions and would have been 21 pages of information. Instead, we have summarized the rest of the conversation to demonstrate a unique method of utilizing Paxson in your practice setting.]
After confirming the clinic was multi-provider and multi-disciplinary, with in-house billing and a designated compliance officer, Paxson walked through a structured, practical approach that clinic owners and managers can replicate.
1) Paxson labeled the entire employee handbook table of contents
Rather than rewriting policies from scratch, Paxson started with what the clinic already had and labeled each heading in one of three buckets:
- Keep in Employee Manual for HR and workplace expectations.
- Move to Policy and Procedure or Compliance Manual for operational controls and OIG-style compliance elements.
- Move to HIPAA Privacy and Security Manual for anything that governs PHI or ePHI safeguards.
Key takeaways from that first pass were especially useful for chiropractic practices because they show where clinics commonly drift into duplication. For example, Paxson separated HR discipline (employee handbook) from compliance program enforcement (compliance manual), and advised keeping only a short confidentiality expectation in the handbook while moving detailed PHI rules to HIPAA.
2) Paxson rebuilt three clean tables of contents
Once the headings were labeled, Paxson converted the clinic’s content into a recommended three-document structure:
- Employee Handbook focused on conduct, HR administration, time and attendance, leave, performance, discipline, safety, and benefits.
- Compliance Manual or Office Compliance Plan framed around an OIG-style program, including billing and coding guardrails, reporting and non-retaliation, investigations, auditing and monitoring, and key risk topics like referrals and marketing.
- HIPAA Privacy and Security Manual positioned as the source of truth for privacy, security safeguards, and incident response.
This step matters because many clinics attempt to “make one manual do everything.” Paxson’s approach reduces confusion for staff and reduces risk by clearly defining what controls which topic.
3) Paxson created an implementation-ready migration map
To help the clinic actually move content, Paxson provided a plain-language crosswalk showing:
Old location → New manual → New section
That map covered the handbook content first, then Paxson repeated the same method for the clinic’s Policy and Procedure manual, separating day-to-day workflows (front desk, scheduling, patient flow, imaging prep, supplies, and routine operations) from HIPAA-heavy areas (medical records requests, PHI communications, device and data safeguards) and from compliance guardrails (waivers of cost-sharing, coding standards, audits, marketing incentives, discounts, and related risk areas).
4) Paxson mapped the HIPAA manual and fixed governance alignment
When the clinic shared its HIPAA table of contents, Paxson confirmed that the bulk of the content correctly belonged in HIPAA, including minimum necessary standards, risk analysis, password management, audit controls, mobile device rules, workstation and facility access controls, media reuse and disposal, contingency planning, breach documentation, and business associate oversight.
Paxson also spotted the sections that are often better maintained outside of HIPAA as HR or compliance governance items, then tied them together with clear cross-references. In other words, Paxson kept HIPAA policies in HIPAA, but aligned role descriptions and sanction processes with where clinics typically maintain them.
5) Paxson delivered copy-and-paste cross-reference language
Finally, Paxson provided ready-to-use “source of truth” language for each manual and short cross-reference paragraphs clinics can paste anywhere a topic is mentioned in multiple documents. This is a practical way to reduce duplication while still giving staff clear direction.
Why this matters for chiropractic physicians in Illinois
Chiropractic physicians and their teams are expected to manage privacy and security obligations, maintain credible documentation practices, and operate with compliance-minded workflows, all while keeping staff training and accountability clear. A clean separation of documents, with deliberate cross-references, makes it easier to train staff, reduce policy conflicts, and respond confidently when questions arise.










