Are Your HIPAA Compliance Efforts Healthy?

By //  by  Leave a Comment

Let’s address the (ahem …) hippo in the room. HIPAA compliance continues to be a real challenge for small and midsized businesses. Below we answer your questions regarding what is HIPAA Compliance.

What is hipaa compliance and why does your medical office need it?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act, which has very specific rules and regulations around a patient’s health information.

Larger healthcare organizations – hospitals and insurance companies – have in-house information technology teams, but smaller businesses don’t have the same depth of IT help on hand. Yet they must abide by the same rules.

Risking a HIPAA violation can be costly. Fines reach up to $50,000 per occurrence.

Common violations include:

  • Leaving records unsecured. WellPoint didn’t secure an online health database and paid $1.7 million
  • Not encrypting data. The Massachusetts Eye and Ear Infirmary failed to encrypt physicians’ laptops, which led to a $1.5 million fine.
  • Loss or theft of devices containing personal health information (PHI). A pediatric practice in Massachusetts lost a flash drive and settled for a $150,000 fine.
  • Failing to train employees in HIPAA compliance. A Walgreens in Indiana breached a single patient’s privacy and paid her $1.44 million.
  • Disposing of records improperly. Affinity Health Plan paid $1.2 million after failing to erase the photocopier drives before returning them to the leasing company.
  • Releasing information without authorization. Phoenix Cardiac Surgery posted a patient’s appointment on an online calendar and paid $100,000.
  • Disclosing PHI to third parties who do not have access rights. A medical practice in Phoenix sent patient data over insecure email and was fined $100,000.

Tips for HIPAA Compliance

Be aware of HIPAA requirements. Smaller businesses can have a tougher time remaining up to date on technology and guidelines. But that doesn’t make them any less accountable for understanding HIPAA compliance. It’s important to do the research and get educated, or partner with an IT provider with the expertise to prevent possible violations.

Embrace encryption. If your business deals with any confidential information, encryption and firewalls are necessary. Prevent outside traffic from accessing your systems. Ensure data can’t be read if there is unauthorized access. If there is a breach, or a lost or stolen device, the HIPAA penalties are reduced if encryption is used.

Protect all your endpoints. Any mobile devices that have access to patient data need to be secured. With mobile device management, for instance, you can lock down and wipe lost or stolen devices.

Err on the side of caution. Employees gossiping over coffee in a dentist’s office could share patient information, or someone might be sending an email with unencrypted data, or a health announcement with recipient names visible. All these are HIPAA violations. Humans will make mistakes, yes, but it’s less likely if you educate about regulations and the importance of being careful.

Get a HIPAA Check-Up

HIPAA has been around since 1996. In 2005, regulators got more serious about electronic versions of PHI. Yet there are still some businesses out there with only a vague idea of what it means to be compliant.

Heavy hitters in healthcare already take HIPAA seriously. You should, too. So, you haven’t been audited yet, but that doesn’t mean you won’t be. A $50,000 HIPAA fine could make the difference in your business staying afloat another year.

HIPAA compliance is critical for many organizations. Set policies and procedures. Put in place security awareness training. Start using encryption and assess for risks.

Were hoping the information in this articles answers your question, what is hipaa compliance. Be proactive with your IT management. By working with IT security experts, you can stay on top of HIPAA and remain compliant. A managed services provider can assess risk, identify areas for improvement, and propose new tech.

Contact Landon Technologies to get your IT and access management policies in healthy shape.

Check out these other related Cyber Security topics that could be of interest to you!

Call us at (888) 596-3998 for questions related to our services.

Looking for immediate answers to your questions?

You May Also Be Interested In:

A group of professionals discussing network configurations in a modern office setting.

How to Set Up a Corporate Network for Success

Efficient team of IT professionals working on fully managed IT services.

What is Fully Managed IT Services? – Your Personal IT Department

Split-screen image contrasting a composed IT professional monitoring system data under Managed Services with a stressed IT professional surrounded by disarrayed cables and broken equipment under Break-Fix model.

What is the Difference Between Managed Services and Break-Fix?

A technician inspecting network cables for maintenance.

How Often Should Network Maintenance Be Done?

Remote team collaborating on a virtual meeting.

Best Practices for Managing a Remote Workforce

A close-up of a woman's hand typing on a laptop keyboard with a cup of coffee beside it.

How to Provide Effective Technical Support for Remote Work

IT Management Meeting with Client

What Does an IT Managed Services Company Do?

An image of a modern data center with rows of servers and technicians working.

What is Data Center Support?

A team of network technicians carefully planning a network installation project in a business setting.

How Much is Labor to Install a Network? Understanding Network Installations

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *