According to the U.S. Department of Health and Human Services, approximately 70% of organizations are not HIPAA-compliant. The Health Insurance Portability and Accountability Act (HIPAA) mandates industry-wide standards for health care information and electronic billing and requires that protected health information (PHI) be safeguarded and confidentially handled. Any company that deals with PHI must have a program in place that is secure and compliant, but many organizations are not sure what is required. If they fail to meet the mandatory guidelines, they may be subject to large fines.
There are some steps that you can take to avoid breaches and the fines related to them. In evaluating your program, you should ask yourself these questions:
If you have answered “no” to any of the above questions, can your medical practice afford the fines that may be imposed should a breach occur? Recent legal actions indicate that penalties are now being applied to smaller providers.
A thorough comparison of your current HIPAA privacy and security program against the Office for Civil Rights audit protocol will help you identify the strengths and weaknesses of your HIPAA program. Once you have completed this process, you can make the changes required to comply with the most up-to-date operational practices, including appropriate policy and procedure manuals, security risk assessments and education.
Strategic Solutions can help you with this process – from the creation of a complete security plan to a thorough analysis and updating of your current one. In addition, we periodically hold trainings on HIPAA compliance and other topics impacting medical practices. For more information or to arrange a consult, please contact Karen Normington at firstname.lastname@example.org or (518) 348-1276.
Before leaving a comment, please read the comment policy.