The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.


7 Ways to Be HIPAA Compliant

You need to be compliant with HIPAA because it's the law. Here are seven steps to take to comply with this regulation.

Being HIPAA compliant doesn't just protect you from fines; it helps protect your patients' trust in you.

The federal government requires all organizations and individuals who handle patient health information to be HIPAA compliant. Office managers must work to ensure that all confidential patient information is only viewed by authorized personnel and is protected against theft.

The HIPAA rules that apply to medical offices take up 115 pages. It is absolutely vital that you read through all the rules to ensure that you are in compliance. In 2013, HIPAA policy changed. After reading through those changes, Medical Economics identified seven potential violations that could leave your office open to fines that range from $100 to $50,000. Here are those seven issues and how to ensure you are HIPAA compliant.

1. Post a Statement of Patient Rights Under HIPAA

The rules say you should post this document where patients can easily see it as well as provide a copy upon their admission. In addition, it is best practice to ensure that your patients read the document as well as understand it.

2. Perform a Risk Analysis to Identify Weak Points in Your Patient Information Security

There are several methods to secure patient health information. It's up to you to find the option that best fits your practice and patients. Regardless of what Cybersecurity option you choose, the Department of Health and Human Services requires you to document the risk assessment process.

3. Encrypt Private Information

Encrypting your patient records is one of the best ways to protect patient information against theft. If you need help establishing an encryption process, consider contacting a third-party service provider.

4. Have a System to Protect Confidential Information From Insurance Companies

Insurance companies do not have a right to information from tests that a patient pays for out of pocket, and it's your obligation to ensure that information is not shared. Establish a procedure for protecting results from tests paid for out of pocket and preventing accidental disclosure.

5. Know How to Provide Electronic Records to Patients

Any records requested by the patient in electronic form must be provided within 30 days. Develop procedures that will allow you to achieve this standard every time.

6. Review How to Disclose Violations

If a HIPAA violation occurs involving less than 500 patient records, you must notify the U.S. Department of Health and Human Services online within 60 days of the end of the calendar year of the discovered breach.

7. Discuss HIPAA With Business Partners and Vendors

If your office shares patient information with an outside business partner or vendor, your HIPAA compliance obligations extend to them. You must ensure that your partners have the resources and practices in place to protect your patient information.

Being HIPAA compliant doesn't just protect you from fines; it helps protect your patients' trust in you.

New Call-to-action

Topics: Healthcare Solutions HIPAA Cybersecurity