If you follow any of our social media, keep up with healthcare news, or watch any type of news broadcast, you have heard about HIPAA and the importance of staying compliant. If not, here is a brief run-down of what every company should know about the Health Insurance Portability and Accountability Act:
- HIPAA Privacy Rule is a set of federal standards to protect the privacy of health information. The privacy rules provide patients with the right to access their records.
- The HIPAA Security Rule establishes national standards for the security of electronic protected health information (ePHI).
- Both of these rules go hand-in-hand
- If companies do not follow HIPAA rules, there are SERIOUS fines to pay - we are talking MILLIONS!
Now, the above is an extreme simplification of a very in-depth and complicated law, but in the spirit of keeping things easy to understand, we are going to leave it at that. If you have ever sat through an office HIPAA training, you know what we mean. If, however, you would like more background information, read our All About HIPAA blog here and then follow it up with HIPAA Privacy and Security: Clearing the Muddy Waters.
One reoccurring theme of HIPAA is the importance of staying compliant. In recent weeks we have shared graphics showing how many millions of dollars companies have paid out as penalties or settlements in breach cases. Some include:
- The University of Mississippi Medical Center was fined $2.75 million
- Children's Medical Center of Dallas paid $3.2 million
- Aetna was fined more than $18 million for two separate incidents
The list goes on and on, which brings us to today's essential point: How companies can stay HIPAA compliant. Below we will break down five easy steps that will help ensure your company's compliance, which in turn saves money and reduces your stress level!
- Annual Risk Assessment: First thing first, it is a requirement of the HIPAA Security Rule that companies plan and budget for a HIPAA risk analysis. A risk assessment is a reasonable approach to identifying the multiple risks to your organizations and simultaneously addressing the vulnerabilities of your network security. It is vital to work with an independent auditing team comprised of certified compliance experts.
- HIPAA Privacy and Security Training: Companies must educate employees about the need for security and compliance. Annual HIPAA privacy and security training helps increase knowledge, reduce fear, and limit violations. It is also a good idea to implement some type of reminders throughout the year between trainings to keep information fresh and relevant.
- Application Security: Organizations must securely design and develop web-facing applications. Encryption and back-up of data is also crucial in ensuring the security of your ePHI and other sensitive data. Encryption is not limited to in-office computers either. Encryption MUST cover cell phones, laptops, tablets, and USB devices.
- Know Your Business Associates: Organizations should review all Business Associates Agreements. Effective BAAs are highly specific to the data protected, what associates can access, and the services provided. BAA reviews and updates should be conducted regularly with clients and customers. New HIPAA regulations increase the covered entity's exposure to high penalties.
- CALL MEDCOM BENEFIT SOLUTIONS: Seriously, enlist professional help. Trying to meet HIPAA regulations head-on without the support of thoroughly trained and certified professionals makes a bumpy road impassable. A company specializing in HIPAA compliance provides audit help, risk analysis, privacy and security training, and guidance related to potential risks and exposures.
Medcom has a thoroughly trained and certified team to help your company achieve 100% compliance. We reduce your risk to ZERO! Medcom offers personalized and customized solutions for employers of any size. Read more about how we can help ensure your HIPAA compliance here.