There are many misunderstandings about HIPAA compliance in the marketplace today. And, unfortunately, the government doesn’t always provide the answers you need. If you are doing bits and pieces of HIPAA compliance, and you’re not totally sure you meet all the requirements, you probably aren’t. But no worries. We can help.
HIPAA is confusing. We’ll try to simplify it for you.
In a nutshell, there are three basic rules:
- Privacy Rule: When you can disclose medical information.
- Security Rule: Preventing the risk of PHI (protected health information) exposure with network and physical security.
- Breach Notification Rule: You must notify HHS of any breach.
To comply, you need:
- Security Risk Assessments (SRAs).
- Policies and procedures in place.
- Training for your employees.
According to HHS, there are 7 Fundamental Elements of an Effective Compliance Program:
- Implementing written policies, procedures and standards of conduct.
- Designating a compliance officer and compliance committee.
- Conducting effective training and education.
- Developing effective lines of communication.
- Conducting internal monitoring and auditing.
- Enforcing standards through well-publicized disciplinary guidelines.
- Responding promptly to detected offenses and undertaking corrective action.
But that’s not all. There are standards under each of these basics that you must meet. And, there are a series of things that you must be doing on an ongoing basis to ensure HIPAA compliance. Plus, you must do these things on a yearly basis.
Did you know that PHI is the most sought-after information on the black market today?
Many believe that if their email and file sharing are secure, they will be HIPAA compliant—Wrong. You need a risk assessment, penetration testing, up-to-date network security, and a move from gross negligence to due diligence. However, there’s more to HIPAA than having your security locked down. You must address HIPAA as a whole.
The Omnibus Rule in 2013 clarified that your Business Associates (such as your IT provider, shredding companies, accountant, lawyer, etc.) must also be HIPAA compliant. If they aren’t compliant, you aren’t. Plus, you must have a Business Associate Agreement (BAA) for each one of them, and you must be conducting due diligence on this each year. If you don’t, you aren’t HIPAA Compliant.
Enforcement Trends Are Way Up.
As a result, in 2016:
- A record level of fines was imposed, totaling $24 million.
- Three business people went to prison.
- Medical licenses were revoked.
- State Attorneys General also levied fines.
HIPAA regulators today are concentrating on Omnibus Rule Compliance. Experts discovered that about 60% of businesses haven’t complied with this rule. Don’t be part of this 60%.
An example: Last year, an Alaskan non-profit wasn’t compliant with the Omnibus Rule. As a result, they were fined $150 thousand. They did have their policies, procedures and training in place, but they had purchased templates from a trade organization. Because they weren’t customized to their organization, they failed their HIPAA audit.
In the end, it’s up to you to make sure you find and follow the rules, meet all the standards, and have all the policies and procedures in place in accordance with the law. The government won’t help you. As we stated earlier, HIPAA is very confusing.
On Time Tech Simplifies Compliance So You Can Focus on Your Business.
With On Time Tech, your business will achieve and maintain HIPAA compliance. It’s like an insurance policy to ensure that if the HIPAA regulators audit your business, you’ll pass with flying colors!
We’ll hold your hand throughout the entire process, and provide:
- A designated HIPAA Coach who will go at your pace until you achieve full compliance.
- Plans for all HIPAA required Audits, Assessments and Remediation.
- Customized Policies & Procedures for your Privacy & Security.
- Employee Training on HIPAA, Fraud Waste & Abuse.
- Attestation Management.
- Business Associate Audits & Management.
- Incident Management.
- Report & Document Tracking with Full Reporting and Document Version Control.
- Illustrations of your compliance with reports along with a Seal of Compliance and HIPAA Certificate & Logo for your websites and printed materials.
- A Hotline for Help with free support.
You’ll have everything you need when the HIPAA Auditor comes to visit.
When you sign up with On Time Tech for your HIPAA Compliance, you’ll have access to The Guard Compliance Solution which delivers a simple and easy way for you to Achieve, Illustrate, and Maintain HIPAA, HITECH, and Omnibus Compliance.