If a patient questions the security of their protected health information – how would you reply?
Even worse, what happens when they ask if your practice is HIPAA compliant when you know it’s not? Since it is the law, a question like this could make your practice seem uncaring and possibly taint your reputation right?
The local and national news, ADA, and online journals report what seems like daily occurrences of security breaches, hacks, and negligence due to lack of awareness training. Not to mention Office for Civil Rights Phase 2 Desk Audits on the way. These reports are eye opening and shouldn’t be taken lightly.
Considering this, would you question safeguards taken to protect PHI from your personal physician, chiropractor, optometrist, accountant or attorney? The current pulse on security issues, identity theft, and Federal law would certainly leave room for thought.
The reality is that HIPAA tends to turn stomachs. You know that. What you may not know is most practices are terrified without realizing that HIPAA compliance helps protect you and your patient’s health information from the bad guys.
Here are some common HIPAA violations:
Emailing PHI improperly
Sharing computer logins
Server data not encrypted
Non-encrypted PHI stored on a laptop or other external device
No Business Associate Agreements with contractors
A weak or non-existent employee computer policy
A lack of annual HIPAA awareness training. Old computers given away without properly destroying data
No disaster recover plan
It would be unrealistic to suggest that your practice become compliant tomorrow or next week. The list above are in violation of HIPAA regulations. More importantly, each item on this list would significantly reduce the likelihood of a data breach.
Final Thoughts
The best approach is to get started with a all-in-one solution and steadily work towards compliance. The worst decision is to take no action. HIPAA regulations help safeguard Protected Health Information and your patients will appreciate your compliance efforts…so will the OCR.
