If you are a healthcare provider or manage a medical facility of any size, you are probably familiar with the HIPAA Privacy Rules. You may also be familiar with the consequences of non-compliance.
In fact, HIPAA fines added up to $28.7 million in 2018 alone.
So what are the basic HIPAA policies and procedures, and how do you avoid fines? We provide an overview to help with your HIPAA compliance management.
HIPAA stands for the Health Insurance Portability and Accountability Act. The goal of HIPAA is to shield Protected Health Information (PHI).
Along with hard-copy records, healthcare providers must also comply with the HIPAA Security Rules regarding digital health records (ePHI), which are stored on servers or transferred via inter-office/network systems, email, or a website.
HIPAA rules apply to all medical facilities and providers. An updated HIPAA Omnibus Rule was added to address changes in the way healthcare services are now delivered. The Omnibus Rule includes Business Associates and secondary individuals/businesses that store or transmit medical records.
The rules also apply to businesses that supply services to medical facilities, such as subcontractors, consultants, storage companies, accountants, lawyers, administrators, IT personnel, and anyone else who might have access to PHI or ePHI.
As we mentioned, the “Privacy Rule” is designed to protect individually identifiable health information, or PHI.
PHI includes:
The only exclusion applies to employee health records that a covered entity maintains.
There are three aspects to the HIPAA Security Rules.
Technical safeguards:
Physical safeguards:
Administrative safeguards:
In all cases, you must obtain written permission from patients in order to share their private health information.
Non-compliance is serious business. Let any area slip and you could face fines and possible legal action. Ignorance of the law will not count as an excuse either.
HIPAA fines and penalties:
Fines are imposed per violation category and are based on the number of records that were exposed, the risk related to the exposure, and the level of negligence.
Keeping track of HIPAA policies and procedures can be difficult for many entities. Compliance doesn’t stop with the HIPAA rules either. There are many laws and regulations to meet, from employment laws and safety measures to tax filings.
The consequences of non-compliance can be steep. You don’t have to face these issues alone, however. Alura can help with a range of compliance management services. Be sure to also read our blog for additional resources and information that is critical to your operations.