7 Tips for Making Your Small Practice HIPAA-Compliant

Posted by Alok Prasad

In 2012 a five-physician practice in Arizona was fined $100,000 for not complying with HIPAA regulations. That’s a frightening amount of money for a small group, but the government is making it clear that even smaller practices need to take HIPAA seriously. Here are seven ways to protect your patients, avoid fines, and make sure your own practice is compliant.

RevenueXL provides affordable HIPAA-compliant Web-based EMR for small and mid-sized practices. Check out our best EMR Software for small practices.

1. Secure Your Information Technology

IT security is one of the most critical aspects of HIPAA and is the foundation of the Security Rule. All aspects of your computer systems, including hardware, software, and networks, must be as secure as possible. This includes: limiting who has access to your systems and the information they hold, running strong anti-virus software, setting up a firewall, using data encryption (especially for mobile devices and email), requiring people to change their passwords frequently, and forcing a terminal to log off automatically after it has been idle for several minutes. Make sure your EHR software comes from a reliable vendor and is certified by the Office of the National Coordinator.

2. Have a Disaster Recovery Plan

What would happen to your patients’ information in the event of a fire, earthquake, flood, or other disaster? The Security Rule requires that all your data be backed up off-site in a secure system that meets HIPAA standards. Backups need to occur frequently, and the system must be checked periodically to confirm that it can actually restore the data.

3. Provide Patients Access to Their Health Information

Making sure that patients have access to their own medical records is an important aspect of the Privacy Rule, and it isn’t difficult to imagine a scenario where a patient might file a complaint against you if this access were not provided. Consider using an EHR with a patient portal that provides your patients with secure access to portions of their medical record and allows secure communication between clinicians and patients.

4. Review Your Contracts With Business Associates

Your business associates include all third-party vendors such as billing services, medical transcription services, accountants, consultants and any other independent contractors who have access to information from your practice. You must have written contracts with your business associates requiring them to comply with HIPAA rules and regulations.

5. Train Annually

All employees (yourself included) should go through HIPAA training every year. New employees must complete the training before their first day of work.

6. Audit Yourself

Just as you take steps to ensure that your practice is clinically sound and providing quality care, it is equally important to perform periodic internal audits of your HIPAA compliance and to assess the security measures you’ve put in place.

7. Document Everything

You’ve heard this about your clinical encounters: if you don’t document it, it didn’t happen. The same is true for HIPAA investigations. Make sure that you have written documentation of all your security procedures, trainings, internal audits, computer hardware and software, disaster recovery plan, and everything else related to patient privacy and information protection.

Key Takeaways

The least you need to know: Becoming HIPAA compliant can feel intimidating for small-practice providers, but ignoring HIPAA’s rules can result in heavy fines. With the right tools you will be able to meet the government’s requirements as well as safeguard your patients’ privacy.

To find out how our certified EMR and EHR systems can help improve the security of your practice, contact RevenueXL today.


Tags: HIPAA Compliance
