Is your organization taking HIPAA mandates seriously? If you think HIPAA is only limited to huge organizations then you are in the dark. The government has its eye on small and medium sized organizations as well.
When HIPAA first came into act the maximum penalty was $250,000, now the maximum charges are $1.5million for violating the rule, fines have quadrupled and so has the pressure on medical practices.
The director of the Office for Civil Rights (OCR), a part of the U.S. department of Human Health Services (HHS), issued strict guidelines to all the covered entities to comply with HIPAA or get ready to pay millions. The recent actions taken by the OCR, charging millions of penalties, points out that how serious the federal government is about HIPAA compliance.
Cases in point!
- The medical records of Britney Spears were accessed by 13 staff members of UCLA permission, all the 13 members were fired and 6 others were suspended.
- Injury details of a patient was posted on Facebook by a physician in Rhode Island, she was found guilty and of irresponsible conduct. She was issued a warning and a fine. Though the name of patient in the emergency room was not leaked, the injury details on face book were enough for an unauthorized firm to figure out the patients details.
It is time to step up to the plate and fast track compliance efforts…
The OCR has stated that more audits will be conducted this year. However small be the practice, all of them should be ready to face the increased audits and the demands of the compliance regarding HIPAA security. As stated by Leon Rodriguez, director of the department of Human Health and Services (HHS), the audits will get narrower year by year and focus will be on corrective measures.
OCR achieved a payment of $3.7 million dollar in the year 2013, by making five resolution agreements. Most of the cases showed security issues and access to patients being denied. This indicates to the fact that OCR is focused on imposing high penalties on organizations who do not comply with HIPAA. Thus it is the need of the hour to keep your organization updated with HIPAA compliance and regular training of staffs.
5 crucial points that needs to be addressed!
- Keep your policies and procedures updated
- Make sure that your policies work: It is always safe to make sure that your policies work before a patient complains or an audit by the OCR.
- Conduct regular training for staffs to keep them updated about HIPAA:Train staff have regularly about HIPAA mandates, and on how to face audits
- Don’t try to make all your members a HIPAA expert: Train each individual for a specific job and have clear-cut security policies
- Don’t be overconfident about your staff’s knowledge on HIPAA: Even after providing regular training sessions you cannot be sure that your members know everything about HIPAA. You can conduct case scenarios and quiz sessions.