HIPAA Compliance for Medical Practices
74.0K views | +10 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

What you should know about HIPAA PRIVACY RULE

What you should know about HIPAA PRIVACY RULE | HIPAA Compliance for Medical Practices | Scoop.it

Does the HIPAA Privacy rule affect you?  

You should be familiar with the Health Insurance Portability and Accountability Act also known as HIPAA, but do you know how the privacy rule affects you? The U.S Department of Health and Human Services (HHS) has worked diligently since establishing HIPAA law to regulate privacy standards in the healthcare industry. When you think of the word privacy many things may come to mind, such as closing the door during a patient’s consultation or ensuring confidentiality while discussing patient treatments with fellow staff members. As a covered entity it is your responsibility to protect the privacy of your patients. 

 

6 ways in which you can implement a Culture of Privacy:

During your day to day operations, you need to be aware of how to implement the culture of privacy in your practice and comply with the law. Across all roles, every employee in your practice needs to be exercising compliance with HIPAA. Here are six ways in which you can implement a culture of privacy.

  • Provide HIPAA training to all your employees and maintain documentation that your entire staff has completed HIPAA training.
  • Ensure that your entire staff knows what patient information can be shared and not shared outside and inside of the workplace.
  • Get your patients to sign consent forms regarding sharing any form of PHI for any purpose including your own marketing purposes.
  • Stay updated on changes in the law on new disclosure restrictions and Update your patient authorization forms updated regularly on any such new disclosure restrictions.
  • Educate your patients and give them a clear outline of how they can request or obtain a copy of their medical records.
  • Ensure that you are giving your staff only the minimum necessary access to PHI to perform quality healthcare.

 

It is your responsibility to maintain professional top-quality healthcare for all parties involved while maintaining compliance with the law. Exercising the privacy culture is the way your practice stays current and minimizes the potential of a data breach. As a covered entity you need to be aware of the potential consequences that come with non- compliance. Consequences range from significant monetary fines to criminal penalties like jail time and a damaged reputation.  In addition, there are strict breach notification requirements outlined in the law.

 

In the event of a breach, you may be investigated by the appropriate federal agency like Office of Civil Rights (OCR) or the Department of Homeland Security or the Department of Justice, or other federal agencies who may be involved.  Depending on the results of the investigation, you may face penalties. Here are some penalties for data breaches that may apply. 

 

  • 100 dollars per record per day under HIPAA law with the maximum annual penalty being 1.5 million dollars per violation.
  • Loss of patient trust and repeat business due to damage to your reputation.

 

Millions of dollars in fines could potentially cause you to lose your livelihood and business. A bad reputation would stop repeat business and new customers from coming. These top penalties and consequences are avoidable and quality healthcare is attainable if you are complying with the law and practicing the culture of privacy every day. Remember to instill a culture of privacy in your office and follow the Five Steps to HIPAA Compliance every year.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

8 HIPAA Compliance Steps for Your Medical Practice

8 HIPAA Compliance Steps for Your Medical Practice | HIPAA Compliance for Medical Practices | Scoop.it

Complying with 1996 Health Insurance Portability and Accountability Act (HIPAA) regulations is vital to keep your patients’ protected health information (PHI) private, confidential, and secure. What is HIPAA? It’s the safety standards for all entities handling sensitive electronic patient data. The guidelines apply to everyone in your hospital, medical, or dental practice who saves, accesses, and shares patients’ computerized health and financial records.

 

Proper precautions will help you gain the best patient rapport and standing. You’ll also avoid breach-related complaints, reputational damage, hefty monetary fines, civil lawsuits, criminal charges, medical license loss, and/or imprisonment. E-Complish excels at compliance with both Payment Card Industry (PCI) and HIPAA compliance protocols. With us you can be sure client payment info and PHI remains safeguarded, but follow the eight steps below to ensure that your medical or dental facility is compliant

Run Thorough Risk Assessments

Did your medical practice adopt an electronic health record (EHR) system before clear directions specified everything it should contain? Then your office might be using a system that fails to meet HIPAA standards. Using the latest guidelines, run a thorough risk assessment on your current system. That will highlight any noncompliant areas that you need to update to fulfill your obligations. In addition, you or a HIPAA specialist must complete mandatory security risk assessments annually. Then develop detailed action plans and timelines that address all evaluated issues requiring remediation or follow-ups.

Prepare for Disasters Before They Occur

Keeping all customer data that your medical or dental facility handles safe from corruption and loss is key. Installing antivirus programs on all business computers will protect them from viruses that could corrupt or destroy files. To prevent losses due to mishaps, backup all health records frequently. Using off-site locations will stop destructive events like office fires and floods from making valuable backups irretrievable.

Develop a Policy and Procedure Manual

Create written instructions that detail how your staff should address and maintain patient privacy, confidentiality, and security. Include a HIPAA compliance overview with specific processes for patient notifications, disclosures, and relevant forms. Distribute this manual to all existing employees and new hires. Requiring them to sign and return statements that they read and understand your policies and procedures can increase conformity. Review, update, and redistribute your handbook as regulations expand and change.

Establish an Ongoing Staff Training Program

Your weakest links determine your EHR’s strength. In medical and dental offices, untrained employees make the most errors unintentionally. Staffers who fail to follow safety protocols when accessing files and records can render even a very dependable encryption system useless. That might allow unauthorized parties to gain access illegally.

Guiding new hires is just the beginning. Re-educating your entire team to adhere to vital safeguards annually will ensure data security and integrity. Everyone must recognize that protecting health information is essential. Gather staffers’ signatures, acknowledging awareness of HIPAA principles and practices. Document all employees’ names with initial and refresher course dates to verify that you’re fulfilling your ongoing commitment. Also evaluate and revise your training program as regulations expand and change.

Add Compatible and Compliant Office Equipment

All new equipment you buy for your medical or dental facility must be compatible to work well with your existing system while providing sufficient security. Make sure that all purchases include both of these crucial elements because either one alone is an ineffective mistake.

Collaborate With All Affected Internal Parties

The changes you must make to become HIPAA compliant will affect various internal personnel. Inform all involved supervisors and departments about necessary modifications to their routines. Preventing violations requires everyone’s ongoing and diligent participation.

 

Demonstrate Privacy throughout Your Facility

Treat your patients with the discretion they deserve everywhere from your lobby to examination rooms. Minimize personal references to specific patients by announcing just their given or surnames when calling them to the reception desk, payment windows, and doctor consultations. Providing private, quiet spaces for discussions with individuals will stop uninvolved parties from overhearing sensitive information. Always knock on closed doors before entering patients’ rooms. Never leave their files and documents visible or unsecured where unauthorized people could view them.

Post HIPAA Notices

Print notices explaining your HIPAA practices. Place them in easily noticeable common office areas. Your patients can review applicable privacy laws with information about how you’re striving to protect their health care’s confidentiality.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Proposed HIPAA Law Changes

Proposed HIPAA Law Changes | HIPAA Compliance for Medical Practices | Scoop.it

Upcoming proposed changes to HIPAA law from the Office for Civil Rights (OCR)

Roger Severino, Director of the Office for Civil Rights (OCR), in his keynote address at the 11th Annual OCR/ NIST conference “Safeguarding Health Information: Building Assurance through HIPAA Security”, informed of some proposed policy changes in HIPAA law that OCR is in the process of working through.  Be on the lookout for upcoming policy enhancements. 

 

These proposed changes to legislation are provoked by input from covered entities, business associates and experts on what issues they currently face due to HIPAA regulations.   

Here are some of the proposed changes that Director Roger Severino talked about.

Good faith disclosures by health care providers

Often people say “I didn’t know” when it comes to either their own health records or those of their loved ones.  Sometimes, especially regarding public health emergencies like the opioid crisis, parents don’t know what is happening with the health of their children until it is too late. In those cases, good faith disclosures may be the right way to go.   Should OCR pursue action against a provider who disclosed patient health information when the patient’s or someone else’s life was at risk?  There should also be a provision for providers to inform the patient’s emergency contacts listed on the consent form when there is a true emergency. 

Improving care coordination and reducing regulatory burden

Notice of Privacy Practices

  • Providers make the Notice of Privacy Practices available to patients and often ask patients to sign the notice as part of the patient package of documents.  Patients sometimes do not know what this is for, what the notice provides them.  It raises several questions like “is this a contract”, “what exactly am I signing here”, “am I giving up my privacy”, etc.  OCR is looking into the notice of privacy practices to see how the process can be improved.

Required Provider to Provider Information Sharing

  • When patients go from doctor to doctor, the patient’s information should follow seamlessly to provide the best possible coordinated care to the patient. Providers are allowed to share information about patients with each other as part of the treatment process.
  • However, today there is no guarantee of receiving the information requested from one provider to another.   OCR is looking at the possibility of changing the law to make this provider-to-provider information sharing mandatory upon information request.

Accounting of Disclosures

  • Another area of review is the Accounting of Disclosures.   Should the TPO (Treatment Payment Operations) provision be revoked or modified?
  • Today, TPO allows for the sharing of protected health information among entities for the purpose of treatment, payment of operations related to a patient.  

OCR is keen on reducing the burden in the healthcare process. Director Severino stated that we definitely do not want a situation where a doctor is treating a computer screen instead of the patient in front of the doctor.

Civil Monetary Penalties or Monetary Settlements to harmed individuals

  • OCR is also looking at the patient compensation process.  Congress wants OCR to compensate patients for breach of privacy. 
  • This can be very complicated as the gravity of breaches could differ greatly from one breach to another.  For instance, the risks vary depending on if patient name and address are stolen, or if a name, address and social security number are stolen, or worse, if sensitive health or disease information is stolen. What level of privacy breach should be compensated?

HIPAA/ FERPA

There is joint guidance available between HIPAA and FERPA for educational institutions.  FERPA is all-encompassing for educational institutions.  However, after a string of recent school shootings, some rules may have to change in terms of communication to psychologists to handle the trauma related to these incidents.

 

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

HIPAA Risk Assessment Requirements

HIPAA Risk Assessment Requirements | HIPAA Compliance for Medical Practices | Scoop.it

Understanding your need for a HIPAA risk assessment is one of the best ways that behavioral health practices can defend against HIPAA fines.

In order to be HIPAA compliant you must address all elements of the law, but one of the most essential places to start is by fulfilling your mandatory HIPAA risk assessments. But how do you know what your HIPAA risk assessment requirements are under the law?

What’s a HIPAA Risk Assessment?

Let’s start with a simple explanation of the risk assessments required for HIPAA compliance.

A HIPAA risk assessment is an audit of your practice to assess the status of your compliance. HIPAA risk assessments give you a better understanding of the gaps that you currently have in your compliance program, so that you can build remediation plans to fix them.

HIPAA regulation outlines that you must conduct Physical, Administrative, and Technical risk assessments within your practice in order to be HIPAA compliant. These risk assessments will measure your practice against HIPAA regulatory standards.

Beyond HIPAA Risk Assessments

Once you’ve completed your risk assessments, you’ll have a clear understanding of which HIPAA standards you need to address.

Remediation plans help organize your compliance program so that you can understand where to focus your efforts to become HIPAA compliant. By completing your remediation plans with HIPAA policies and procedures, you help protect your behavioral health practice from liability in the event of a HIPAA violation in the future.

HIPAA risk assessments are only the first step among many that you need to take to become compliant with the law. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has an online HIPAA risk assessment tool that health care providers across the industry can access.

However, HHS does not have a tool for following up on these risk assessments with remediation plans, policies and procedures, employee training, documentation, business associate management, and breach management. Finding a HIPAA compliance solution to address the remainder of the federally mandated HIPAA standards should be your next step for protecting your practice from breaches and fines.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.