Physician practices that do not take proactive steps towards becoming HIPAA compliant do so at their peril. Here are our “Top Ten” reasons why you need to be compliant:
1. While the Meaningful Use Incentives are optional, HIPAA compliance is not
If you manage Protected Health Information (PHI), you must comply with federal HIPAA regulations or face substantial penalties for non-compliance. It is as simple as that.
Furthermore, if a Covered Entity chooses to accept Meaningful Use funding, a Security Risk Analysis is required and any funding will have to be returned if adequate documentation is not provided upon request.
2. The HITECH Act substantially increased civil penalties for non-compliance with HIPAA Policies
The penalty cap for HIPAA violations was increased from $25,000/year to $1,500,000/year per violation. Willfully ignoring the rules or failing to be compliant means mandatory investigations and penalties, which can be triggered by any complaint, breach or discovered violation. See the document published by the American Medical Association (AMA) at http://www.ama-assn.org/resources/doc/washington/hipaa-omnibus-final-rule-summary.pdf for further information.
3. The mandated deadline for the new HIPAA compliance rules has already passed
All covered entities, including physician practices, clinics and hospitals, as well as Business Associates, must update their HIPAA policies, procedures, forms and Notices of Privacy Practices, and otherwise implement the changes required by these regulations as soon as possible if they were not in place by the September 23, 2013 compliance date.
4. New breach rules will increase the number of HIPAA violations that are determined to be Breaches
The recent federal Omnibus ruling expands the definition of a breach, and failure to address a breach properly and provide the required notifications can trigger federal investigations and eventual fines and penalties.
5. Business Associates are now required to become HIPAA compliant
With the recent Omnibus ruling, Business Associates must also be HIPAA Privacy and Security compliant, and Covered Entities are responsible for ensuring that their BAs are compliant.
6. The Office for Civil Rights (OCR) is expanding its health information privacy enforcement team
As a recent public announcement from the Office for Civil Rights indicates, it is stepping up hiring for HIPAA compliance activities:
“The Division of Health Information Privacy enforces the HIPAA Privacy and Security Rules and the confidentiality provisions of the Patient Safety and Quality Improvement Act. OCR is seeking experience in privacy and security compliance and enforcement as well as in the areas of policy, outreach, and health information technology systems. For more information on these positions, go to http://www.usajobs.gov/ and enter the corresponding job announcement number.”
7. State Attorneys General are getting involved in HIPAA enforcement
The federal government has expanded the reach of HIPAA by enlisting State Attorneys General. See the HIPAA training program agenda for state AGs offered by Health and Human Services: http://www.hhshipaasagtraining.com/agenda.php
8. All Covered Entities must have documented policies and procedures regarding HIPAA compliance
Recently, a dermatology practice learned this lesson the hard way, paying a $150,000 fine and implementing a corrective action plan “for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).” For further details, see http://www.hhs.gov/news/press/2013pres/12/20131226a.html.
9. HIPAA Compliance Requires Staff Privacy and Security Training
All clinicians and medical staff who access PHI must be trained on proper HIPAA procedures on a regular basis. Documentation of the training provided must be kept for six years.
10. Protect Your Practice – Don’t be another one of these
Unfortunately, the list of healthcare organizations reporting major breaches and receiving substantial penalties is growing at an alarming rate. Keep your practice off the HIPAA breach list: http://www.hipaabreachlist.com/
Our IT Solutions for Doctors' Offices: Overview
- Managed IT Support Services – 24/7/365 remote monitoring
- IT Service Plans – onsite, remote and virtual computer network tech support
- Hardware and Software management and upgrades
- Virus, spyware and security protection for your computers and servers
- Complete support and solutions for your practice
- HIPAA/HITECH Compliance and Tech Support services
Give us a call now at 201-493-1414 – your computer network will thank you!
If you are located in New Jersey or the NJ/NY area and are looking for Managed IT services and computer support for your medical practice, look no further: we are here to provide your medical practice with reliable IT support.