There are many misunderstandings about HIPAA compliance in the marketplace today. And, unfortunately, the government doesn’t always provide the answers you need. If you are doing bits and pieces of HIPAA compliance, and you’re not totally sure you meet all the requirements, you probably aren’t. But no worries. We can help.
HIPAA is confusing. We’ll try to simplify it for you.
In a nutshell, there are three basic rules:
To comply, you need:
According to HHS, there are 7 Fundamental Elements of an Effective Compliance Program:
But that’s not all. There are standards under each of these basics that you must meet. And, there are a series of things that you must be doing on an ongoing basis to ensure HIPAA compliance. Plus, you must do these things on a yearly basis.
Did you know that PHI is the most sought-after information on the black market today?
Many believe that if their email and file sharing are secure, they will be HIPAA compliant—Wrong. You need a risk assessment, penetration testing, up-to-date network security, and a move from gross negligence to due diligence. However, there’s more to HIPAA than having your security locked down. You must address HIPAA as a whole.
The Omnibus Rule in 2013 clarified that your Business Associates must also be HIPAA compliant. (Such as your IT provider, shredding companies, accountant, lawyer, etc.) If they aren’t compliant, you aren’t. Plus, you must have a Business Associate Agreement (BAA) for each one of them, and you must be conducting a due diligence on this each year. If you don’t, you aren’t HIPAA Compliant.
Enforcement Trends Are Way Up.
As a result, in 2016:
HIPAA regulators today are concentrating on Omnibus Rule Compliance. Experts discovered that about 60%of businesses haven’t complied with this rule. Don’t be part of this 60%.
An example: Last year, an Alaskan non-profit wasn’t compliant with the Omnibus Rule. As a result, they were fined $150 thousand. They did have their policies, procedures and training in place, but they had purchased templates from a trade organization. Because they weren’t customized to their organization, they failed their HIPAA audit.
In the end, it’s up to you to make sure you find and follow the rules, meet all the standards, and have all the policies and procedures in place in accordance with the law. The government won’t help you. As we stated earlier, HIPAA is very confusing.
On Time Tech Simplifies Compliance So You Can Focus on Your Business.
With On Time Tech, your business will achieve and maintain HIPAA compliance. It’s like an insurance policy to ensure that if the HIPAA regulators audit your business, you’ll pass with flying colors!
We’ll hold your hand throughout the entire process, and provide:
You’ll have everything you need when the HIPAA Auditor comes to visit.
When you sign up with On Time Tech for your HIPAA Compliance, you’ll have access to The Guard Compliance Solution which delivers a simple and easy way for you to Achieve, Illustrate, and Maintain HIPAA, HITECH, and Omnibus Compliance.