HIPAA Compliance within Your Organization
A company should conduct annual or biannual retraining exercises. The idea is to foster an organizational culture that promotes the security and privacy of Personal Health Information (PHI). Patients hand over their names, Social Security numbers, and patient records to providers with the expectation of confidentiality. This trust is invaluable to any provider, and it is the responsibility of everyone in the organization, including all accounting firms, IT service providers, attorneys, etc., to protect that trust from being violated.
The Tampa Bay Business Journal predicted that the use of smartphones, connected medical devices and apps would increase in 2016. With the ever-increasing convenience and cost-efficiency of technology comes the responsibility to ensure that data breaches do not become equally convenient for hackers. Privacy policies and proper documentation are essential, but the real objective is to create a top-down competency for the proper management of sensitive information. It is now more critical than ever that covered entities and business associates alike understand HIPAA and make it an integral part of their practice.
Healthcare providers covered under HIPAA include doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies. For a covered entity, the monetary penalty can range anywhere from $100 to $50,000 per violation up to an annual maximum of $1.5 million. The levels of penalty are defined according to the cause, and by the response of the firm to correct the violation once it is identified. For many healthcare providers, the fault is not in taking the necessary steps to put policies in place and communicate them to clinical staff and patients, but rather the failure to put organizational systems in place to uphold and improve those policies. It is this additional step that becomes critical in separating the diligent from the negligent, and in determining the issuance of a lesser or greater penalty.
View our blog post about HIPAA fines in 2016 here.
HIPAA Compliance Culture: The Real Answer
“This is how company XYZ uses your information.” We have all seen these words on several occasions, chiefly while filling out the required paperwork in the office of our healthcare provider. The good news is that the healthcare provider is required to disclose its privacy policies to you and all other patients. The bad news, however, is that the healthcare provider is required to disclose its privacy policies to you and all other patients!
“Is my information really safe?” “I don’t know if I’m comfortable giving this much information about myself to someone I don’t even know.” These are thoughts that I have had when filling out routine documents in a doctor’s office. It is that moment of uncertainty that produces a brief hesitance just before I proceed to fill out the forms. The truth is, for some “covered entities,” going through the motions of the Health Insurance Portability and Accountability Act, or HIPAA, is just that: going through the motions. With astronomical fines threatening even the smallest healthcare providers, the only option is to comply with HIPAA and implement its laundry list of requirements. There are three main ingredients when it comes to HIPAA compliance: security, privacy, and administrative simplification. Privacy is the topic of discussion for our example.