The 21st century is an age of technology and advancement. From self-driving cars to virtual reality devices, we have seen machinery evolve and become increasingly accessible across all demographics, and Healthcare is no exception to this trend. In an age of accessibility and ease of access, many Healthcare Organizations (HCOs) have begun using laptops, tablets, and flash drives to store not only data, but also Protected Health Information (PHI). However, without having adequate policies and encryptions in place, this confidential information can be accessed by anyone.
With this increased threat to PHI, the Health Insurance Portability and Accountability Act (HIPAA) has come to the forefront of industry news. This law was designed to provide privacy standards to protect patients’ medical records and other health information given to healthcare providers. When health violations occur, the Office of Civil Rights must enforce any HIPAA breaches. In the first seven months of 2016 alone, the U.S. Department of Health and Human Services collected around $15 million in HIPAA fines. This year, the second largest HIPAA fine ever was issued- a whopping $5.5 million. Read the full story here.
HIPAA compliance can be achieved by any private practice that is willing to implement and regularly review their in-house privacy policies. TSI Healthcare has compiled the top 5 Steps Toward HIPAA Compliance, to help you and your practice move toward HIPAA compliance.
** Please Note: This is not a comprehensive list; please refer to your HIPAA Compliance Officer for help outlining a HIPAA policy for your practice. **
Have you created privacy/security policies and procedures for your practice to follow? If not, now is the time. All HCO’s must develop, adopt, and implement a privacy/security policy. This will guarantee that all employees are properly trained on your in-house policies. This training should also be required for any third-party vendors.
- Appoint a Committed Security Officer
HIPAA is a complex federal policy. Ensure your practice is following protocols by appointing an individual exclusively committed to training your practice on all HIPAA related regulations and policies.
- Establish Strict Training Protocol
Training all employees who use or disclose PHI, and documenting that training, is essential to assuring HIPAA compliance throughout your practice. In addition to new employee training, your practice should also conduct annual refresher courses to keep employees up to date on any new policies or procedures.
- Adopt Potential Breach Protocols
The steps you must take in case of a data breach are very specific, so your practice must follow established protocol. Determine whether a breach has occurred, and if it has, report the results of the investigation immediately to the appropriate authorities.
- Implement Your Terminated Employees Policy
Having policies in place and annual training is great, but at the end of the day, your practice needs to practice what it preaches. Once simple way to follow through with your HIPAA policies already in place is too ensure that terminated employees no longer have access to PHI. Delete any logins, accounts, or emails that would allow them to access your practice’s patient data.