Is Your Practice HIPAA Compliant?
HIPAA compliance regulations require that all healthcare providers maintain the security of patient information and medical records (Protected Health Information). If you are a medical practice, dental practice, or provide other healthcare services, you are required to take steps to prevent unauthorized access to PHI. Failure to do so can result in civil and criminal penalties. Flexible Systems is a managed services provider that understands what the HIPAA requirements are and what you need to do to protect your practice.
The Foundation of HIPAA Compliance is Managed IT Services
HIPAA compliance is all about protecting confidential medical information. As more and more of this information is being stored and transmitted using computers and the internet, cyber security, network management, and IT security is becoming more important. As a managed services provider we know how to protect your business from cyber crime. Working with us will cover 80% of what you need to do to make sure that your practice is HIPAA compliant.
What Else do You Need to do to Protect Your Practice?
- Evaluate your current office practices by conducting a Risk Assessment.
- Name a compliance official. This person will have the primary responsibility for handling any HIPAA-related privacy, security and breach notification requirements.
- Review your policies and procedures and assess whether they reflect the realities of your current practice and meet the requirements of the current law. If they don’t, update them.
- Make sure you have documented policies regarding patient requests.
- Document your procedures on how to handle medical record access, disclosure restriction requests, amendment requests, account disclosure requests, and confidential communication channel requests.
- Train and educate your staff so they understand the importance of complying with your HIPAA policies and procedures
- Make sure you periodically send out HIPAA security training reminders.
Frequently Asked HIPAA Questions
Who is a Covered Entity?
There are three main classes of covered entities.
- Health care providers: Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies.
- Health care plans: Health insurance companies, HMOs, health plans offered by companies, Medicare, Medicaid, veterans health care programs.
- Health care clearinghouses: Organizations that convert non-electronic medical information to electronic records.
What is PHI?
PHI (Protected Health Information) is the combination of information about a person’s health with other information that would identify who the person is. Examples of PHI include phone numbers, social security numbers, patient names, and even photographs of patients. This type of information can show up in a variety of ways including medical bills, emails, appointment scheduling, medical test results, and voice mail. It’s important to remember that PHI includes all information that comes into or leaves a covered entity. PHI not only covers electronic records it includes verbal, written, information visible on computer screens, and even conversations that may be overheard.
Are There Civil or Criminal Penalties?
The passing of the “American Recovery and Reinvestment Act of 2009” (ARRA) in 2009, established civil and criminal penalties for violations of HIPAA. Your practice or individuals that work at your practice may be held liable whether you knowingly or unknowingly violate these guidelines. The same penalties apply to business associates as well.