The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.


7 Essential Things You Need to Do to Be HIPAA Compliant

The seven things you need to know about complying with HIPAA.

HIPAA compliance is a must for every healthcare provider. Here are the seven essential things that must be covered.

While you may assume that physicians and licensed medical practitioners carry the responsibility for HIPAA compliance, office managers must also guard confidential medical information. Not only must office managers make sure that protected health information (PHI) isn't accidentally disclosed, but they must also protect it from theft.

The combined regulation text for the HIPAA rules that apply to your office is 115 pages, so it's important to read it thoroughly to avoid accidental violations. Medical Economics notes in a review of the 2013 changes to HIPAA policy that your office must do these seven things or risk fines of $100 to $50,000 per violation. Here are the seven things you need to know to be HIPAA compliant.

1. Post a Statement of Patient Rights Under HIPAA

This statement, the Notice of Privacy Practices, needs to be on your office's website and displayed prominently in the physical office.

2. Conduct a Risk Analysis to Determine the Safety of Patient Information

HIPAA allows you to make some choices about how you protect patient information based on the risk to that information and the cost of different security measures. The U.S. Department of Health and Human Services states that you should document your risk assessment, including the risks you identified and the safeguards you chose (or declined) for each.

3. Make Sure Private Information Is Encrypted

It's not enough to simply lock down your office computers; your office must also make sure that patient information is encrypted so that it stays unreadable if a laptop, backup drive, or phone is lost or stolen. Keep the encryption keys separate from the encrypted data (a thief who gets the device and the key on it gets everything), and remember that encryption at rest does not protect data on a running system that an attacker already controls: it defends against theft of the hardware, not against a compromised account.

4. Have a System to Protect Confidential Information From Insurance Companies

If a patient pays in full out of pocket for a test or service and asks that it not be reported to their health plan, you must honor that request and not share the information with the insurer. Your office should have a procedure for flagging these records and preventing accidental disclosure, for example when claims are batched automatically.

5. Know How to Provide Electronic Records to Patients

Your office must have policies in place that let it provide any requested patient records to the patient in electronic form within 30 days of the request.

6. Review How to Disclose Violations

If a HIPAA breach occurs, your office must know whom to notify and the timeline for doing so. Affected patients must be notified without unreasonable delay, and in no case later than 60 days after the breach is discovered. For a breach affecting fewer than 500 patients, the office can report it to the U.S. Department of Health and Human Services online within 60 days of the end of the calendar year in which the breach was discovered; larger breaches must be reported to HHS within 60 days of discovery.

7. Discuss HIPAA with Business Partners and Vendors

Even if your office discloses confidential information to business partners and vendors within HIPAA parameters, your office must still have a signed business associate agreement with each of them and verify that they have the resources and controls to protect patient information.

Knowing and following HIPAA policy isn't just the law; it's also a way to protect your office and your patients from the information theft that erodes trust. Learn the law, and your office could be rewarded with greater patient confidence.

