Even if you think you're following all of the HIPAA guidelines, it seems they're constantly tweaking details related to compliance, regulations and violations. Keeping up-to-date can be confusing. To understand the basic guidelines for keeping with HIPAA’s policies, check out our previous post on what HIPAA means for dietitians.
Today at Healthy Bytes we're going to simplify the latest changes and inform you of the new restrictions. Let’s begin with the latest information that health-care providers should know.
- 2016 is the year of the HIPAA audit. The Office of Civil Rights (OCR) has implemented an audit protocol that conducts periodic, random audits to increase the efficiency of analyzing HIPAA compliance. This will include the request of information such as specified documents, breach notifications, business associates, and workforce members.
- Any individual or business that provides or deals with health information is required to ensure that any third party business associates also comply with HIPAA’s standards. In short, any business that you deal with that is not a part of the conduit exception rule (mail delivery services, couriers or internet service providers) must sign a Business Associate Agreement (BAA) in order to keep your practice in compliance with HIPAA’s rules.
- At the moment electronic health records (EHR) are easily targeted if the information is not encrypted with the proper security measures, passwords are not always enough. However HIPAA does not necessarily state that unencrypted files are a breach of data. At the moment this is a murky area of HIPAA’s statement that might be resolved soon. At the moment safe guarding your files with encryption is recommended, but not necessarily required.
Recognizing that healthcare information breaches are strictly enforced and will lead to heavy fines and penalties will help you to protect your practice from the get go. HIPAA enforces both civil and criminal penalties. Protecting your practice from any data breaches is key to avoiding monetary fines and criminal penalties.