April 21, 2016
The last time I looked into HIPAA compliance was when I adopted my front desk policies years ago. It seems a lot has changed. How do I know if I am compliant now? What does that really entail?
Thanks, Dr. O

Answer:
Yes, Dr. O, a lot has changed. The new Security Rule and HITECH Act require more than having policies in place. Using electronics - a laptop, electronic claims submission, mobile devices for email - triggers the need for additional protections by your practice as related to HIPAA. Each practitioner is responsible for ensuring their own compliance, and an obligation exists to self-audit. One tool available is the OCR-HealthIT Security Risk Assessment Tool (more about that HERE). In the coming weeks I plan to write a few newsletters on this topic and how we can simplify the review process and get closer to compliance.
Right now, if you have not audited your compliance for HIPAA and made sure your electronic transmissions are safe, you are most definitely not compliant. How to keep those transmissions safe is a longer answer, and will require that we discuss compliance, IT support, hiring practices, management over staff, and, unfortunately, a few other areas. As data and communications are now pervasive, so is the need for protecting same. For the little guy fighting on his own, the task may seem daunting, but approaching it prepared and ready to remedy will certainly make the task less arduous.