It can take months, sometimes years, to gain the trust of your patients and your community. Securing your reputation as a provider who is careful and conscientious – not only medically competent but also respectful of privacy and security – can be a hard-fought victory. With healthcare and personal identification data, physical and IT security, and financial information all being targeted by bad players, ensuring HIPAA compliance has never been more important. Add to that the risk that can occur from honest human error and suddenly the time you could be helping patients is now spent performing damage control and answering to investigators. Why risk it? Here is how enlisting outside help for HIPAA audits and assessments can help your practice.
Any practice knows too well that the U.S. Department of Health and Human Services (HHS) can levy civil and criminal penalties against a medical practice for violating HIPAA regulations, whether on purpose or accidentally. A recent instance of a HIPAA violation occurred when an employee of a dermatology practice in Massachusetts removed an unencrypted USB drive from the office and left it in their car. The car was burglarized and the resulting theft of the USB drive from the employee’s car cost the medical practice $150,000 in fines. Remember – fines are not assessed by the incident, but rather, by each victim of the infraction. One lost USB, misplaced file or hacked hard drive could result in fines in the tens of thousands or, for larger practices, millions of dollars, and could potentially signal the end of a once-thriving medical practice.
Probably the best way to ensure you don’t violate HIPAA regulations is to assess your situation even before hiring an outside firm. Check to see if you have policies and procedures in place, and see if they are being updated and utilized as part of your daily operations. It won’t take long to see areas that could use updating or reinforcement. Is your staff properly trained? Are you maintaining that training? When reaching out for assistance, be sure to have a list of areas you feel may be lacking or, in some cases, non-existent. With an expectation of achieving excellence, it is good to have an idea of what your standard baseline is before an audit team comes in. Having an open dialogue with your outside auditors will not only make it easier to determine which areas need work or where there is non-compliance; it can also avert a government audit or, worse, a violation or breach.
When it comes to maintaining standards, ignorance of the law is no excuse – and the law makes that quite clear. Fines of up to $50,000 for a single occurrence and $1.5 million per year, combined with potential jail time, show how seriously HHS takes patient confidentiality. All employees should be trained regarding patient confidentiality, physical security, office and billing protocols, records release and sharing, etc. While passing a file to a family member may be well-intentioned, it may be in violation of privacy laws. Understanding and adhering to proper practices should be part of your practice’s DNA; getting there is the hard part.
Unless a practice hires full-time staff who oversee HIPAA compliance and staff training, expect to always be one step behind. Training new staff and debriefing staff as they depart or are terminated; ensuring files are secure and encrypted; and overseeing physical security, billing and administration can take their toll on an already overstretched staff.
When it comes to HIPAA audits and assessments, leave it to the experts. That’s why savvy practices and providers who choose patients’ privacy and welfare over convenience turn to ProMD Practice Management, the industry standard when it comes to HIPAA compliance, billing, and executive administration. If you would like a HIPAA audit and assessment of security measures employed by your medical office, contact Pro MD Practice Management by calling 888-622-7498. You can also request a consultation online. You and your patients deserve no less than the best.