When it comes to HIPAA, “Are we compliant?” is the question most frequently asked by healthcare professionals. Even though there is no government seal of compliance proving you are, continually striving to answer this question will help you protect your organization.
When we ask healthcare organizations if they believe they are HIPAA compliant, they often say, “Yes, we are...” which is amazing given the fact that…
70% of all healthcare organizations fail their HIPAA audit!
Obviously there is a disparity between what healthcare professionals believe and what is true.
Some common misconceptions healthcare professionals believe include:
- We did a risk assessment a while ago, so we are good to go
- We have and follow a manual, so clearly we’re compliant
- We have regular in-house training
- Our computer network is very secure, so obviously we're compliant
- We're too small for anyone to pay us any attention
- The chances of our getting an audit are very slim, so we're not worried
- My IT guy handles it, so we're good!
If this is what you're thinking, your organization is NOT satisfying HIPAA regulations and it's very likely you WILL NOT pass the audit!
It isn’t ‘IF’ you will be audited, it's ‘WHEN!’
In 2017 there were $17 million in fines, and in 2018 fines almost DOUBLED with a record $28 million in fines. Enforcement of HIPAA is up over 400% since 2016, and this year looks like it will be even worse!
In 2018, SIX Twin Cities healthcare organizations were on the Wall of Shame.
As of May 2019, there were already 12 on the Wall! Are YOU next?
How do you know for sure if you're protected? One way is to download the HIPAA Checklist we have highlighted at the bottom of the page; it’s a great place to start!
To get a good idea of how secure your confidential records are, start with this:
The 7 Elements of an Effective Compliance Program
- Written policies and procedures, and standards of conduct
- Designate a compliance officer and a compliance committee
- Conduct ongoing effective training and education
- Develop clear and comprehensive lines of communication
- Conduct internal monitoring and auditing on a regular schedule
- Enforce standards with well-publicized disciplinary guidelines
- Respond promptly to the detected offense and quickly take corrective action
These 7 elements do not by themselves make you compliant, but they are all part of the HIPAA compliance regulations.
Some important things to remember:
- You need to prove your good faith effort of being compliant
- You will not be fined for a breach unless you have not taken the necessary steps to protect your PHI (Protected Health Information)!
- You must have six years of written documents to prove your compliance
- Your entire staff is required to read and legally attest to HIPAA documents
- You must understand the Omnibus Rule, which states that all vendors accessing PHI must have a signed Business Associate Agreement (BAA).
- You must comply with the HIPAA Security Rule, which requires that you have administrative, technical and physical safeguards in place.
- A main reason for data breaches is careless employees, including management!
- YOU NEED TO HAVE A CULTURE OF COMPLIANCE
To guarantee your organization is HIPAA compliant, Imagine IT offers a service that protects you during a HIPAA review. We are a Business Solutions Provider, and we created The HIPAA Security Shield, which reviews your policies and procedures and trains your employees for compliance, so you can avoid large fines and be confident in the security of your confidential files. Imagine IT is here to keep your healthcare organization secure and compliant... Contact us here!