Why HIPAA Compliance Should Be on Your List of Goals for 2021

According to the U.S. Department of Health and Human Services, approximately 70% of organizations are not HIPAA-compliant. The Health Insurance Portability and Accountability Act (HIPAA) mandates industry-wide standards for health care information and electronic billing and requires that protected health information (PHI) be safeguarded and confidentially handled. Any company that deals with PHI must have a program in place that is secure and compliant, but many organizations are not sure what is required.  If they fail to meet the mandatory guidelines, they may be subject to large fines. 

Evaluating Your HIPAA Program

There are some steps that you can take to avoid breaches and the fines related to them.  In evaluating your program, you should ask yourself these questions:

• Do you have a current Security Risk Assessment in place (added to/updated in the last year)?       
• Have you reviewed your Business Associates Agreement?  Do you have one on file for any outside vendor that handles any patient information?
• Have you reviewed your technical security measures to ensure that your network is safe?
• Have you scheduled the required yearly education of your staff?
• Do you feel comfortable that you have addressed all of the other physical, technical and administrative requirements under the HIPAA regulations?

Risks of Noncompliance

If you have answered “no” to any of the above questions, can your medical practice afford the fines that may be imposed should a breach occur?  Recent legal actions indicate that penalties are now being applied to smaller providers. 

• West Georgia Ambulance, Inc. was fined $65,000 after an unencrypted laptop fell off the back bumper of the company’s ambulance.       
• Metropolitan Community Health Services agreed to pay $25,000 and enter into a corrective action plan after a compromised email account revealed the electronic PHI of more than 1,200 patients.
• Elite Dental Associates was fined $10,000 after its response to a Yelp review that included a patient’s last name and details of her health condition.

Protecting Your Practice and Patients

A thorough comparison of your current HIPAA privacy and security program against the Office for Civil Rights audit protocol will help you identify the strengths and weaknesses of your HIPAA program. Once you have completed this process, you can make the changes required to comply with the most up-to-date operational practices, including appropriate policy and procedure manuals, security risk assessments and education. 

Strategic Solutions can help you with this process – from the creation of a complete security plan to a thorough analysis and updating of your current one.  In addition, we periodically hold trainings on HIPAA compliance and other topics impacting medical practices.  For more information or to arrange a consult, please contact Karen Normington at karenn@strategicsolutionsmgmt.com or (518) 348-1276.