The Health and Human Services Office for Civil Rights (OCR) has been conducting limited audits to confirm that covered entities and business associates comply with the regulations governing health information privacy, security, and breach notification…
As the national standard for protecting patient health information, HIPAA is the baseline safeguard for medical data. But Christopher Fuller of TechRepublic.com was recently quoted as saying:
“The biggest challenge presented by HIPAA is to accurately and consistently protect individuals’ privacy without crippling business.”
Do you feel equipped and confident that your organization and staff are HIPAA compliant? Non-compliance can be catastrophic, costing your business hundreds of thousands of dollars in penalties and fines. And those penalties don't fall only on healthcare payers and providers. Organizations that do business with covered entities (payers, providers, healthcare agencies, etc.), known as business associates, can also be held liable for HIPAA data breaches.
HIPAA standards are complex and can be confusing. Evaluate your compliance and limit your risk of violation citations by asking yourself these six questions:
How Are You Disclosing Patient Information?
For most professionals, it's common to leave work and share the details of the day with others, but those in healthcare have to be more mindful of what workplace information goes out the door. Improper disclosure of patient information draws significant fines. Employees must know when, where, and with whom patient information may be shared. Common disclosure violations include sharing information with family members the patient has not authorized and discussing a patient's condition within earshot of other patients.
Do Patients Have Full Access To Their Medical Records?
HIPAA gives patients a right of access to their medical records, with only narrow exceptions, and requires you to respond to a request promptly. When access is denied or stalled, violations follow. It seems a simple mistake to avoid, but the most basic requirements are often the easiest to violate. Denying access to a legally authorized personal representative, or delaying access to records because of an unpaid bill, both fall under HIPAA's right-of-access standard. Ensure employees understand that although the medical record lives within your practice, the patient has a legal right to see it and to obtain a copy.
Is Your Patient Data Encrypted?
Patient data that is not encrypted exposes every patient, and the business, to greater risk. Under the HIPAA Security Rule, encryption of electronic patient information is an "addressable" specification: you must either encrypt the data at rest and in transit or document why an equivalent alternative is reasonable. Encryption also matters after an incident: under HHS guidance, properly encrypted patient data is not considered "unsecured", so a lost laptop or backup drive whose contents are encrypted does not by itself trigger breach notification, provided the decryption key was not exposed along with it. Part of protecting patient information is therefore the technology and security measures put in place to keep that information safe, including where the keys are stored.
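As an added illustration of what "encrypted at rest" should look like in practice (this is example code, not part of the original article or any vendor's product), the following Go program encrypts a patient record with AES-256-GCM, an authenticated cipher, and binds the record identifier to the ciphertext so that a record cannot be silently swapped into another patient's row or altered without detection. The sample record is constructed and fictional, and the key is generated in memory here only for demonstration; in a real deployment it would come from a key management service kept separate from the database that stores the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// samplePHI is a constructed, fictional record used only for this example.
const samplePHI = `{"mrn":"000123","name":"Jane Doe","dob":"1980-01-02","dx":"E11.9"}`

// NewKey returns a random 32-byte key for AES-256. In production the key
// would be issued and held by a KMS, never stored beside the encrypted data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord seals plaintext under key with AES-256-GCM. recordID is passed
// as additional authenticated data: it is not encrypted, but any mismatch at
// decryption time fails, so a ciphertext cannot be reattached to a different
// patient. The returned blob is nonce || ciphertext || tag. A fresh random
// nonce is drawn per record; reusing a nonce under the same key breaks GCM.
func EncryptRecord(key []byte, recordID string, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// DecryptRecord reverses EncryptRecord. It returns an error, and no plaintext,
// if the ciphertext or tag was modified or if recordID differs from the one
// used at encryption time.
func DecryptRecord(key []byte, recordID string, blob []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, []byte(recordID))
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	blob, err := EncryptRecord(key, "mrn:000123", []byte(samplePHI))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob is %d bytes and contains no readable PHI\n", len(blob))

	pt, err := DecryptRecord(key, "mrn:000123", blob)
	fmt.Printf("correct record id: err=%v plaintext=%s\n", err, pt)

	_, err = DecryptRecord(key, "mrn:000999", blob)
	fmt.Printf("ciphertext moved to another patient: err=%v\n", err)

	blob[len(blob)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = DecryptRecord(key, "mrn:000123", blob)
	fmt.Printf("tampered ciphertext: err=%v\n", err)
}
```

The point of the two failing calls in main is that authenticated encryption protects integrity as well as confidentiality: a database administrator or an attacker with write access cannot alter or re-home an encrypted record without the application noticing at read time. Unauthenticated modes such as AES-CBC without a MAC do not give you that property.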
What Role Does Digital Technology Play In Your Business?
Connectivity has become part of daily life, and for many people technology is a way to keep the rest of the world updated on their lives in real time. That is a dangerous place to operate from as a healthcare professional. Help your employees understand where social media and text messaging can and cannot be used in the workplace. Texting may be faster, but ordinary SMS is unencrypted and retained by carriers, so it is not an acceptable way to share patient information; if staff need mobile messaging, use a secure messaging platform covered by a business associate agreement. Social media may be a window into the workplace, but it is not a platform for photos of patients or personal opinions about them.
When Was The Last Time Your Employees Received HIPAA Training?
Workforce training isn't optional under HIPAA: the Privacy Rule requires training on your privacy policies and procedures, and the Security Rule requires a security awareness program. Every workforce member, including new hires and contractors who handle patient information, must receive training adequate to understand what it means to protect and secure patient health information, and you must keep records of who was trained and when. To equip employees and help them feel confident, make HIPAA training part of your regular employee development strategy, and repeat it whenever your policies or systems change.
When Was The Last Time You Talked To Your IT Providers About HIPAA?
Your IT provider plays a key role in your HIPAA compliance strategy. A vendor that stores, processes, or can access your patient data is a business associate and must sign a business associate agreement before it touches that data. Talk to your providers: confirm that security patches are applied on schedule, that backups of patient data are encrypted and tested, and that system logs are monitored consistently. Lucky for you, we know some people who can cover this one for you! It's us!
Want to Learn More? Check out Managed IT Support and Services for Medical Practices