Five Steps to Meet HIPAA Obligations and Privacy & Security Compliance
Join our Newsletter
If you’re submitting claims electronically for reimbursement, you are under HIPAA. This subjects you to all the privacy and security obligations of HIPAA. Simply having an electronic medical record system that says, HIPAA Compliant, is not going to be enough.
At a minimum your HIPAA should include these five steps:
- Appoint a privacy officer.
- Appoint a security officer.
- Have a privacy and security manual that is specifically tailored to your health care practice facility or institution. The manual should include privacy and security policies, procedures and forms.
- Ensure that all staff have HIPAA training, and
- Perform a security risk assessment and address security vulnerabilities.
The following story shows how these steps can safeguard your healthcare business or practices.
One of my clients found themselves in deep HIPAA waters when one of their nurses took some patient files home and left them in the unlocked passenger seat of his car. You know what happens next. Someone broke into the car. The files were stolen, and investigators came knocking.
Clearly there was a HIPAA violation, but fortunately the nursing home had documented that they had trained all employees beforehand. They also had policies and procedures in place including a commitment to terminating employees who violate HIPAA safeguards.
This allowed the client to escape stiff penalties and to get off with a slap on the wrist.
Now remember, HIPAA liability can extend even to small or solo physician practices so even if you’re not technically under HIPAA… For example, you’re a cash medical practice… you’re still subject to state privacy and security law obligations. Although these may not be spelled out with the same level of detail as HIPAA, they still require you to make compliance efforts. This may entail employing a privacy officer, creating policies and procedures, and conducting the Security Risk Assessment.
Please let us know if you have more questions about HIPAA and privacy and security compliance.
I would definitely recommend. I needed direction regarding the FDA and how the rules would affect my business. Responsive, accessible, and knowledgeable.
Impressive credentials are only overshadowed by their clear awareness of practical strategies to help Physicians navigate modern healthcare and achieve successful outcomes.