The Health Insurance Portability and Accountability Act (HIPAA) requires physicians, healthcare providers, and all others that qualify as “covered entities” or “business associates” to comply with regimented patient privacy and security standards. Failure to fully comply with the law can result in an investigation by the Office for Civil Rights, leading to fines, penalties, and potential damages. This means the best solution for a covered healthcare entity is proactively auditing HIPAA compliance. The following are some key topics that are important for HIPAA compliance.
Risk Assessments. All covered entities and business associates must conduct periodic risk assessments to identify potential risks to protected health information from a variety of threats, including threats from the environment, such as long-term power loss, chemicals, or pollution. Other threats that must be included in the assessment are intentional and unintentional human data breaches, human error, and natural disasters, such as floods, tornadoes, and earthquakes. The risk assessment must include a variety of information and clearly delineate the risk and potential impact from specific threats. In conjunction with the identification of threats, the risk assessment must demonstrate and outline safeguards implemented to mitigate the potential risk from the identified threats.
On-Going Compliance. After HIPAA policies and procedures are adopted, on-going compliance requirements must not be overlooked. For example, HIPAA compliance activities must be recorded, and records demonstrating implementation must be kept. Compliance with the Security Rule and the Privacy Rule must be periodically reviewed, with policies and procedures updated as circumstances warrant.
HIPAA has many pitfalls that a healthcare provider may fall victim to, even when that healthcare provider is attempting to comply with the law. This underscores the importance of taking proactive steps to audit HIPAA compliance and even seek outside counsel where appropriate to prevent unintentional miscues.
© 2015 Houghton Vandenack Williams
For more information, Contact Us