In 2012 a five-physician practice in Arizona was fined $100,000 for not complying with HIPAA regulations. That’s a frightening amount of money for a small group, but the government is making it clear that even smaller practices need to take HIPAA seriously. Here are seven ways to protect your patients, avoid fines, and make sure your own practice is compliant.
1. Secure Your Information Technology
IT security is the foundation of the HIPAA Security Rule, which requires administrative, physical, and technical safeguards for electronic protected health information (ePHI). Every part of your computer systems, including hardware, software, and networks, must be secured. At a minimum this means: limiting who can access your systems and what each person can see (unique user accounts, no shared logins); running current anti-virus software; placing a firewall between your network and the Internet; encrypting data at rest and in transit, especially on laptops, phones, and portable drives and in email; and configuring every workstation to lock or log off automatically after a few minutes of inactivity. One caveat on passwords: the older practice of forcing frequent password changes is no longer recommended in current NIST guidance (SP 800-63B), because it pushes people toward short, predictable passwords; require long passwords, screen them against lists of known-breached passwords, and change them when there is evidence of compromise. Make sure your EHR software comes from a reliable vendor and is certified under the ONC Health IT Certification Program run by the Office of the National Coordinator for Health Information Technology.
2. Have a Disaster Recovery Plan
What would happen to your patients' information in the event of a fire, earthquake, flood, or other disaster? The Security Rule's contingency plan standard (45 CFR 164.308(a)(7)) requires a data backup plan, a disaster recovery plan, and an emergency mode operation plan, and calls for those plans to be tested and revised. In practice that means keeping backups off-site (or with a cloud provider that meets HIPAA standards and has signed a business associate agreement), encrypting them, running them frequently, and periodically restoring from them to confirm the data actually comes back intact. A backup that has never been restored is an assumption, not a plan.
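The restore check described above, as an added example that is not part of the original article. It assumes the practice's data can be exported as a plain directory of files (a stand-in for an EHR export); the sample records it creates are constructed for the demo, and it uses only the Python standard library. Encrypting the archive and copying it off-site are left to the backup tool or storage provider; what this script shows is how to prove that a backup restores completely and unchanged, and that the check catches a damaged file.

```python
"""Backup-and-restore drill for a practice data directory (added example).

Assumes a plain directory export standing in for the EHR's data. File names
and record contents below are constructed for the demo, not real patient data.
Encryption of the archive and off-site transfer are out of scope here.
"""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large exports need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 digest for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(data_dir: Path, archive: Path) -> dict:
    """Write a gzip tarball of data_dir plus a manifest file beside it.

    The manifest is what makes a later restore test meaningful: without the
    recorded hashes you can only confirm that *something* came back.
    """
    manifest = build_manifest(data_dir)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(data_dir / rel, arcname=rel)
    (archive.parent / (archive.name + ".manifest.json")).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_backup(archive: Path, restore_dir: Path) -> None:
    """Extract into an empty directory, refusing archive paths that escape it."""
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):  # Python 3.12+ (and security backports)
            tar.extractall(restore_dir, filter="data")
        else:  # older Pythons: reject '../' and absolute members by hand
            base = restore_dir.resolve()
            for m in tar.getmembers():
                if base not in (base / m.name).resolve().parents:
                    raise ValueError(f"unsafe path in archive: {m.name}")
            tar.extractall(restore_dir)


def verify_restore(restore_dir: Path, manifest: dict) -> dict:
    """Compare the restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restore_dir)
    report = {
        "missing": sorted(k for k in manifest if k not in restored),
        "corrupt": sorted(k for k in manifest if k in restored and restored[k] != manifest[k]),
        "extra": sorted(k for k in restored if k not in manifest),
    }
    report["ok"] = not (report["missing"] or report["corrupt"] or report["extra"])
    return report


def run_restore_test(simulate_media_error: bool = False) -> dict:
    """End-to-end drill on constructed sample data; returns the verification report.

    simulate_media_error truncates one restored file, the way a bad sector or a
    partially copied drive would, to show that the check actually catches it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        data = tmp / "ehr_export"
        (data / "notes").mkdir(parents=True)
        # Constructed sample records for the demo, not real patient data.
        (data / "patients.csv").write_text("mrn,last,first\n1001,Doe,Jane\n1002,Roe,Richard\n")
        (data / "notes" / "visit-001.txt").write_text("MRN 1001: follow-up, BP 128/82, continue meds.\n")

        archive = tmp / "backup.tar.gz"
        manifest = make_backup(data, archive)

        restore = tmp / "restore"
        restore.mkdir()
        restore_backup(archive, restore)
        if simulate_media_error:
            with (restore / "notes" / "visit-001.txt").open("r+b") as f:
                f.truncate(10)
        return verify_restore(restore, manifest)


if __name__ == "__main__":
    print(json.dumps(run_restore_test(), indent=2))
    print(json.dumps(run_restore_test(simulate_media_error=True), indent=2))
```

Run it as a scheduled job against a copy of the real export and keep the printed reports with your other compliance records; a report with an empty `missing` and `corrupt` list is the evidence that the backup was restorable on that date, which is exactly what an auditor will ask for.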
3. Provide Patients Access to Their Health Information
Making sure that patients have access to their own medical records is an important aspect of the Privacy Rule, and it isn’t difficult to imagine a scenario where a patient might file a complaint against you if this access were not provided. Consider using an EHR with a patient portal that provides your patients with secure access to portions of their medical record and allows secure communication between clinicians and patients.
4. Review Your Contracts With Business Associates
Your business associates include third-party vendors such as billing services, medical transcription services, IT and cloud providers that store or handle your data, accountants, consultants, and any other contractor that creates, receives, maintains, or transmits protected health information on your behalf. You must have a written business associate agreement with each of them requiring them to safeguard that information and comply with HIPAA, and you should review those agreements whenever the relationship or the services change.
5. Train Annually
All workforce members (yourself included) should go through HIPAA training every year, and the Security Rule also calls for periodic security reminders between trainings. New employees should complete the training before they are given access to patient information, not at some point during their first months on the job.
6. Audit Yourself
Just as you take steps to ensure that your practice is clinically sound and providing quality care, it is equally important to audit your own HIPAA compliance. The Security Rule requires a risk analysis: an accurate and thorough assessment of the risks and vulnerabilities to the ePHI you hold, followed by risk management measures that reduce those risks to a reasonable level. Repeat it periodically and whenever something significant changes (a new EHR, a new office, a lost laptop), and check that the safeguards you put in place are actually working, not just written down.
7. Document Everything
You’ve heard this about your clinical encounters: if you don’t document it, it didn’t happen. The same is true for HIPAA investigations. Make sure that you have written documentation of all your security policies and procedures, trainings, risk analyses and internal audits, computer hardware and software, disaster recovery plan, business associate agreements, and everything else related to patient privacy and information protection. The Security Rule requires that this documentation be retained for six years from the date it was created or was last in effect, whichever is later, so keep old versions when you update them.
The least you need to know: Becoming HIPAA compliant can feel intimidating for small practice providers, but ignoring HIPAA’s rules can result in heavy fines. With the right tools you will be able to meet the government’s requirements as well as safeguard your patients’ privacy.