What “HIPAA-compliant” really means
If your practice were to come under a random audit for monitoring compliance with the Health Insurance Portability and Accountability Act (HIPAA), would you pass? Learn what it really means to be in compliance with HIPAA and learn tips from experts.
Dana DeMasters, a privacy and security officer at Liberty Hospital in Liberty, Missouri, and Tom Walsh, president and CEO of tw-Security, discussed what HIPAA compliance looks like during a session last week at the 2015 annual meeting for the Healthcare Information and Management Systems Society in Chicago.
Compliance should be an ongoing effort
According to DeMasters and Walsh, the most important thing doctors should know is that there’s no such thing as “HIPAA-compliant certification.”
In other words, practices can’t earn a “seal of approval” that makes them compliant once and always. While credentialed staff at independent firms can give their professional opinion on your practice’s HIPAA compliance status, any HIPAA assessment is just a “snapshot in time.” Changes in your organization can impact your overall compliance status.
That means HIPAA compliance is a continual effort for your practice, not a one-time milestone.
4 steps to take
To protect your practice against a security breach and ensure you’re in compliance with HIPAA, take these four steps on an ongoing basis:
- Educate your staff about the importance of complying with HIPAA requirements.
- Ensure all electronic patient information is encrypted when in transit and at rest.
- Perform a privacy and security risk assessment for all health care information technology, not just your electronic health records.
- Document, document, document. Maintaining a paper trail is not only important in managing your own compliance, but vital in the event of an audit.