Understanding 2014 HIPAA Violations Deadlines

HIPAA Violations Lurking In A Massive Wall of Organized Documents?The Federal Government is cracking down on HIPAA violations. For healthcare providers and covered entities, time is running short to ensure compliance with most of the HIPAA updates that kicked off on September 23, 2013. The last date for the new HIPAA implementation is September 22, 2014, when covered entities must be able to show qualifying business associate agreements for all partners and vendors. Rather than waiting for that date, providers can avoid HIPAA violations by working now to ensure compliance with updated rules.

Make Use of Free Resources

The federal government and numerous medical associations are offering free resources to assist physicians and other providers with compliance. The American Medical Association provides free template downloads for business agreements and privacy policies. They also provide PDF versions of FAQs that can be used in training staff.

Conduct a Vendor and Partner Review to Avoid HIPAA Violations

Pull a comprehensive list of all vendors and business partners. Ensure you still require services from each entity and that you have a compliant, updated business agreement on file for every entity. It’s not enough that you protect the privacy of your patients; vendors and business partners must state that they also protect that information. If you have doubts, ask for a demo of their software or procedures so you can be sure they are following HIPAA guidelines.

Make Sure Privacy Statements are Up to Par

HIPAA updates in 2013 require some changes to most Notices of Privacy. You must add statements that indicate genetic PHI will not be used for underwriting or disclosed to insurance companies, any PHI released for marketing purposes will be bound by an individual authorization from the patient, and any person possibly impacted by a breach in PHI will receive notification of the event. These statements are in addition to the numerous privacy statements already required by HIPAA, and failure to provide patients with a complete Notice of Privacy can result in fines and sanctions for providers.

How will you avoid HIPAA violations in 2014?