What are the Most Essential Things to Know About HIPAA Compliance?


The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to protect sensitive patient data and to control who has access to it. HIPAA has helped standardize how patient information is shared and ensure that it is shared securely. The rules are strict, and to avoid steep fines, here are some top tips to make sure your office is HIPAA compliant.


Post a Statement of Rights

Display the patient bill of rights prominently both in the physical office and on the website.

Limit PHI Exposure

Keep the amount of Protected Health Information (PHI) sent by e-mail to a minimum, and use other channels where possible. Always use a cover sheet when faxing PHI. Always dispose of paper files through a shredding service. Learn more at mFax.

Encrypt and Password Protect Private Information

Encrypted data cannot be read by an attacker who steals the records, as long as the encryption keys are not stored alongside them. All computers should be password protected, including laptops used at home that access patient information. Computer programs should also be logged out of and closed when not in use. Never share passwords between employees.

Provide Records to Patients Upon Request

Office policies must be in place to provide electronic records to patients within 30 days of a request. If the patient seeks care at a different facility, this ensures the new healthcare provider has the patient's information at hand.

Dealing with Insurance Companies

Accidentally disclosing information to insurance companies without the patient's knowledge is also a HIPAA violation. If a patient chooses not to use their insurance and instead pays out of pocket, do not disclose that information to the insurance company. Medical practices need written policies to protect this information from accidental disclosure to insurers.

Implement Safeguards

All patient files and charts should be kept out of sight and locked away from public view. Never leave records unattended.

Install Anti-Virus Software

All office computers should have up-to-date anti-virus software installed to guard against malicious programs.

Help Your Employees

Make sure employees receive annual training on HIPAA compliance. They should be aware that sharing any patient information on social media is a violation of this law. Patient information includes photos, names, and addresses.

Backup Patient Files

Store backups of patient information on a HIPAA-compliant cloud server. Never store patient information on desktop or laptop hard drives.

How to Disclose Violations

If a HIPAA violation occurs, you must know whom to contact. For offices of more than 500 patients, notify the U.S. Department of Health and Human Services immediately. For offices with fewer than 500 patients, report the HIPAA violation within 60 days of the end of the calendar year.

What Vendors and Partners Need to Know

Many offices need to disclose PHI to vendors and other outside parties. Your office must verify that these partners have the means to protect patient information properly.

Avoid Penalties

HIPAA violations can occur either deliberately or unintentionally, and both are punishable offenses. The government has tiers of HIPAA violations with fines ranging from $119 to $1,785,651 for each instance. In certain situations, there can be criminal penalties as well. Follow these tips to stay HIPAA compliant and avoid hefty fines and possible jail time.

Stay Current with Laws

If you work in medicine, keep up to date with the latest HIPAA rules. Have medical staff undergo regular training to remain compliant. Conduct regular audits of your practice, staff, and vendor partners to pinpoint any issues.
