While larger healthcare systems have made significant progress in complying with HIPAA rules and in implementing adequate controls to safeguard Electronic Protected Healthcare Information (ePHI) from external and internal threats, small practices are still struggling to achieve full compliancy.
A recent survey of 900 healthcare professionals working in small practices concluded that three out of ten small practices do not have any compliance practices in place yet. For the practices that have made progress towards compliancy, a startling 63% are not confident that their electronic communications with patients are HIPAA compliant.
Compliance audits are resuming as the extension period has ended. Protect your practice by discussing your HIPAA questions and concerns with your technology solutions firm.
Here are the five top things your small practice should know about HIPAA compliancy:
1) Ensuring complete HIPAA compliance is a tedious process that should be handled by a technology solutions firm experienced in dealing with compliance – To protect your practice from security threats and achieve HIPAA compliancy before you get audited, hire a professional IT solutions provider that is experienced with and capable of handling all of your information security needs. Protect your practice and your patients by contracting a reputable firm to achieve and maintain HIPAA compliance. Even if you don’t get audited, the information security standards set forth by HIPAA regulations are designed to protect your practice from external and internal threats.
2) If your small practice has a HIPAA data breach, you must notify your patients – Changes to the regulatory amendments for HIPAA and the HITECH Act require a Covered Entity to notify the patient and Health and Human Services of any breach that occurs. All breaches will become public information and patients must be notified via US Mail or email. Public dissemination of a breach will tarnish your practice’s reputation and hurt your credibility as a health care provider.
3) Smaller practices are a larger target in regards to data breaches and security threats – Many hackers specifically target smaller practices, since they expect them to be easier prey and less astute regarding security processes. A smaller organization is less likely to be HIPAA complaint when compared to a larger healthcare system. Due to financial constraints and a lack of knowledge about all the details regarding data security, smaller practices are a prime target for hackers looking to steal personal and financial information.
4) Noncompliance fines are high and some violations can result in criminal charges – Failing a HIPAA audit carries severe consequences. These penalties could significantly affect your profitability and even send you into bankruptcy. Penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation, with a maximum penalty of $1.5 million per year. Violations can also carry criminal charges that could result in jail time for anyone found guilty of willful neglect — not to mention the potential legal fees or business disruption.
5) Your IT firm could actually cause you to fail your audit – Hiring an IT firm to handle your compliance and safeguard your data is imperative to passing an audit. However, choosing the wrong IT firm to handle your HIPAA compliance could have devastating consequences. It is paramount to find a well reputed and competent firm with a comprehensive understanding of compliancy rules and regulations. New data security threats arise on a daily basis. Your IT firm needs to work constantly to protect your company’s data and to ensure compliance.
What can you do? And is there any good news here?
Contact your IT provider and ask them to perform a HIPAA compliance audit, covering your technology systems, processes and communications, especially data security, back up disaster recovery (called BDR) and business continuity – all key elements of a HIPAA audit.
The good news is that the same assessments covered in a HIPAA audit can shed valuable insight on your systems and process efficiencies, which can help you determine ways to not only better protect you from a data breach, but also speed your internal processes to improve staff productivity and patient satisfaction.