3 Questions Providers Should Ask
The federal government’s numerous communications throughout 2013 make it obvious that healthcare professionals are expected to take the sweeping updates to HIPAA regulations seriously. Even so, many organizations, especially small physicians’ offices, are not keeping pace with requirements under the 2013 HIPAA update, which is also called the Omnibus Rule. The deadline for compliance with updated regulations was September 23, 2013. Healthcare professionals should ask some specific questions about compliance within their organization to avoid problems in 2014.
Is Staff Training Up to Date?
You can spend weeks getting paperwork in order, but a poorly trained staff will derail any HIPAA compliance audit. Ensure staff understand the new HIPAA regulations and are familiar with procedures to enact those regulations. It’s not enough to write SOPs (standard operating procedures); your staff must be able to answer questions and explain procedures to both patients and auditors.
Are Your Business Associates Up to Par with HIPAA Regulations?
You are liable for the integrity and security of patient data no matter where it is in the process. If you use a third-party claims billing company, for example, and their processes are not up to HIPAA guidelines, you are liable for any data breach that occurs. You may also be held liable for compliance fines and sanctions in the event the business associate is audited and found wanting. Ensure your Business Associate Agreements meet HIPAA regulations and that any business you work with is compliant with federal requirements.
Are Electronic Patient Files Appropriately Secured?
Data encryption might sound like something Fortune 500s or R&D firms worry about, but it’s the new standard in healthcare. New HIPAA regulations and rules under the Affordable Care Act mandate a move from paper records to electronic formats.
At the same time, offices must encrypt data and data transmissions to ensure privacy, confidentiality, and security of individual information. Encryption and technology costs may seem steep, especially for small offices, but they are probably less costly than the fines associated with HIPAA noncompliance or a future data breach.
So, how will your office comply with HIPAA regulations?