In addition to the security concerns every organization faces, Oklahoma healthcare organizations carry the added burden of complying with HIPAA requirements.
Violations can result in fines and penalties of $100 to $50,000 per violation, and a single data breach can produce multiple violations. The cost is not only to your budget: HIPAA compliance violations severely damage the reputation of Oklahoma healthcare organizations.
Here are six steps you can take to avoid HIPAA compliance violations:
1. Educate, Educate, Educate
Regularly meet with staff to discuss HIPAA and security protocols. Training alone is not enough; you must verify that it is effective. While you may be relieved of fines caused by an employee's actions if that employee was trained, you may still be liable for privacy claims. In 2013, an Indiana jury awarded a $1.4 million judgment because a pharmacist violated a patient's privacy, even though Walgreens had training policies in place.
2. Follow Safe Computer Practices
- Encrypt data.
- Use strong passwords and enable two-step authentication.
- Close programs that contain HIPAA-protected information when they are not in use, and lock the screen when stepping away.
- The U.S. Department of Health and Human Services recommends backing up PHI (Protected Health Information) to a HIPAA-compliant cloud server rather than keeping it on local servers or as paper copies.
- Install virus protection on computers and mobile devices and keep it up to date.
3. Review and Regularly Audit Policies
HealthIT.gov provides information, including risk assessment tools, to help you identify potential breach points. Regular auditing shows where changes may be needed to keep HIPAA compliance on track.
4. Make Certain Vendors and Third Party Associates Are Compliant
HIPAA requires Business Associate Agreements (BAAs), but they are good business practice in any event. Documentation can protect you from culpability for a business associate's HIPAA violations by showing that they are independent contractors and not part of the healthcare organization.
5. Respond and Report Breaches
Quick action serves several purposes. First, it may limit the damage caused by a HIPAA violation. Second, HIPAA requires healthcare organizations to investigate privacy complaints and impose appropriate sanctions. Third, if the act was not willful and is corrected within 30 days, fines for noncompliance may be avoided. However, even when the original violation was not willful, failing to report the compromised PHI may be viewed as willful neglect, and fines may be levied.
6. Employ or Outsource HIPAA and Security Experts
If you do not have the in-house knowledge or staff to focus on HIPAA issues, hiring consultants who specialize in HIPAA and security can save both money and headaches.
Do you know of some other HIPAA compliance tips? Let us know your thoughts in the Comments box below.
If you own or manage an Oklahoma-based home health care agency, and you are looking to become more efficient through the use of technology, download our free guide, Information Technology Guide for Oklahoma City Home Health Care Organizations.