HIPAA has become an acronym synonymous with healthcare. We see it practiced and preached daily throughout the home care and hospice industry. However, too often breach notifications are at the top of our industry headlines. These breaches are costing our agencies time, money, and patient credibility. If we as agency owners, administrators, and employees understand the severity of a breach then why are breaches still occurring?
Many of you have begun the arduous process of educating yourself on the various rules, regulations, and guidelines for maintaining HIPAA compliance. You ventured over to hhs.gov and found yourself neck deep in an all but interesting study of the Health Insurance Portability and Accountability Act. This is where many of you stopped. You soon realized you did not have enough time to become fully educated on this law, enact a plan for your agency, and run a successful business all at once. For some of you the decision was made to hire a HIPAA compliance officer, but for many of you, this was not an option.
HIPAA compliance is a crucial part of sustaining a successful home care or hospice agency. The question then becomes, how do we maintain compliance without the budget necessary to staff a full-time compliance officer?
FIRST, stop these five common HIPAA violations today!
1. Sending protected health information via unencrypted email or text
2. Storing passwords in plain sight (Ex. Sticky notes)
3. Storing protected health information on unencrypted devices
4. Utilizing personal devices to access protected health information
5. Storing protected health information in plain sight
The Office for Civil Rights (OCR) has issued four required administrative processes and procedures to be implemented by all HIPAA covered entities. This means that if your agency is responsible for reviewing or maintaining protected health information you are required by law to complete the following.
- Risk Analysis
- Risk Management
- Sanction Policy
- Information System Activity Review
Healthcare Provider Solutions has partnered with Nashville-based cybersecurity provider, ImageQuest, in order to provide our industry with a dual-focused HIPAA compliance team. Together, we provide Home Care and Hospice agencies with a detailed HIPPA Risk Analyses that will identify vulnerabilities and risks in order to establish safeguards that will secure electronic protected health information (ePHI). We offer assistance in assembling business associate agreements, process and procedure manuals and establishing a compliance education program for your organization: all fundamental components of HIPAA compliance.
If you would like more information feel free to contact our office and speak with our Director of Information Technology, Drew Rowley, at 615-399-7499.