When talking about IT within the healthcare industry, it’s pretty difficult for conversations to stray too far from HIPAA compliance. And as the number of audits and penalties continue to increase, those conversations only become more prevalent. As small- and medium-sized businesses review their policies at the beginning of a new year, let’s cover some of the most fundamental HIPAA considerations, right here.
Compliance leaves the office with you
When you take your phone, laptop, or tablet with you -- as you return home, or go to a meeting outside your office or a seminar out of state -- your data needs to get the same treatment it does inside the office. If you access data from unsecured devices or connections, you could be looking at stiff penalties when audit time rolls around.
As an extension of this principle, business partners with any involvement in your data storage, transfer, or protection are also required to employ best practices. If you have a legal firm on retainer with access to your network, it’s your responsibility to ensure that firm also adheres to compliance rules. Business Associate Agreements are the best way to shield yourself from mistreatment of data by a business partner, and they should be reviewed at least every year.
Most “optional” measures...aren’t actually optional
Confusingly, HHS’s Summary of the HIPAA Security Rule page has a heading titled Required and Addressable Implementation Specifications. The synopsis can be interpreted as, “Although we listed some safeguards as addressable, we actually mean that they have to be implemented. But how you do so is up to you.”
2016 saw a massive uptick in the number of HHS audits and the fines the government entity doled out. Consequently, whenever safeguards or measures allow for wiggle room or subjective interpretation, we always recommend going above and beyond. Compared to fines that soar into the millions of dollars, hiring a managed IT service provider is more than worth it.
This is about more than being “careful”
Some providers are quick to point out that compliance is about stringent safeguards to prevent even the tiniest of breaches. How do you think those practices would respond if you told them one Ponemon survey found that 90% of healthcare practices experienced a data breach during a two-year period?
Managing cyber security is becoming a problem for organizations in every industry. Business owners need to acknowledge that the threats are real, and that solutions must be exhaustive. In fact, most states have enacted their own variation of patient privacy legislation. So if you’ve found a thorough walkthrough of compliance written by someone located in another state, that’s not going to cut it.
To confidently achieve HIPAA compliance, you need IT technicians with experience adapting to years of changes to this complicated legal framework. Call us today so we can help you secure and manage your electronic medical records and protected health information.