
Thursday, October 24, 2013

HIPAA and your medical practice: What you can do to ensure compliance

Patients' health information is protected by the Accountability Act
HIPAA security standards protect patients
By Antonio Brown

It's critically important that your medical practice adheres to the many regulations and standards set forth by HIPAA. In the spring of 2012, a medical practice in the Southwest was the very first to pay a stiff, six-figure HIPAA penalty for non-compliance. The Health Insurance Portability and Accountability Act was signed into law in the mid 1990s by the US Congress. The act was drawn up to secure the privacy of patient health data. Here are a few things you can do to ensure that your medical practice is not in violation of any HIPAA standards and regulations.

Clean up your policies

To be sure you are very well prepared if auditors contact you, you need to carefully assess your policies and procedures pertaining to privacy and security. Many medical practices rushed to meet HIPAA security compliance standards when the act was first put into law, but they've done nothing since then to make sure that they are still compliant. You should look at HIPAA as a part of your practice and not as a policy to ignore. Remember that newer technology you may be making use of in your practice, like social media and email, could lead to some security and privacy issues.

Use encryption software

It is your legal responsibility to safeguard your patients' personal health information to ensure that it is not lost, stolen or subject to unauthorized access. This is the biggest risk you face when it pertains to HIPAA. You are at even more risk if you are using smartphones, laptops and tablets to process patient information. This is because anything that can be stored on these types of devices is quite vulnerable. A solution to this vulnerability issue is to have your patient health information encrypted. Once you've encrypted the info, you won't be in breach of HIPAA if your mobile devices are lost or stolen.

Train your practice staff

Since your office staff are the people who handle most of your patient health information, it's essential that you make your staff aware of HIPAA, what it means and what their responsibilities are. There are numerous online resources available just for healthcare providers that you can give your staff access to. You also could arrange to have your office staff take formal HIPAA security compliance training. This training can be taken right online from your practice computers for convenience. If you would rather send your staff off-site for a training session, look for a company near you that provides HIPAA classroom training.

Know the latest HIPAA changes

There were some changes made to HIPAA in September of 2013 that pertain to medical practices you need to be aware of. One of these new rules addresses doctors' use of patient personal healthcare information for marketing and fund-raising purposes and strictly prohibits the sale of such info without patient permission. Another change that took place gives patients the legal right to ask for an electronic copy of their health records and, in some instances, prohibits doctors from providing insurance companies with some personal health information. These changes are why you need to review and update your privacy practices regularly to ensure that you're always HIPAA compliant. If you are found to be in breach of some HIPAA regulations, you could face paying very stiff fines and penalties.

About the author: Antonio Brown writes about health care and data security.