Reminder: Compliance with HIPAA Is Important (and Mistakes are Costly)

Compliance with HIPAA is critically important to covered entities and their business associates. This is not new, but it is good to remember that noncompliance with the HIPAA Privacy and Security Rules can lead to enforcement action and the imposition of civil monetary penalties.

The HHS Office for Civil Rights (OCR) investigates violations of health information privacy rights. The HIPAA Enforcement Rule, which can be found at 45 CFR Part 160, Subparts C, D, and E, contains provisions for investigations and procedures for hearings.

The HHS OCR has been active in 2017. After 6 months, there have been a number of investigations of violations of HIPAA's Privacy Rule. Covered entities should review the types of violations that have arisen and their resolution.

Here is a reminder of the types of things that covered entities and business associates should be doing:

  • Maintain up-to-date copies of HIPAA laws and regulations
  • Make sure Notice of Information Practices and Consent forms comply with laws and regulations (multiple languages?)
  • Designate an information privacy and security officer
  • Make sure there are Business Associate Agreements in place (and signed)
  • Implement procedures for receiving, documenting, and investigating complaints
  • Maintain IT security software, backup system, and disaster recovery plan
  • Conduct risk assessments regularly
  • Document all operational processes and procedures
  • Implement procedures for breach notification
  • Update training of employees

HHS OCR has been conducting audits of covered entities and their business associates to assess compliance with HIPAA Privacy and Security Rules. Audits of whom? According to HHS OCR —

Who Will Be Audited?

Every covered entity and business associate is eligible for an audit. These include covered individual and organizational providers of health services; health plans of all sizes and functions; health care clearinghouses; and a range of business associates of these entities. We expect covered entities and business associates to provide the auditors their full cooperation and support.

It’s important to remember to be careful and thorough in all dealings that implicate HIPAA. Data breaches and fines are embarrassing and expensive.
