Nothing makes doctors cringe more than someone blurting out the acronym HIPAA. "What is HIPAA and why should I care? After all, I am a doctor, for heaven's sake!" While that statement is often tossed around in casual conversations among peers, the underlying sentiment among the majority of the medical community is that HIPAA scares every healthcare principal to the bone. The cost of a single HIPAA violation is astronomical and can literally put a small healthcare practice out of business.
One of the most significant changes in recent years is the "downstream contractors" provision, which requires contractors that handle Patient Healthcare Information (PHI) on behalf of healthcare practices to have a Business Associate Agreement on file. This agreement in essence requires the contracting firm to maintain the same level of compliance as the healthcare practices it serves. Furthermore, the law makes it the responsibility of the healthcare entity to ensure that its downstream contractors are in compliance.
What does that mean to the practice and what can be done?
- Perform an initial assessment and remediate any exposure
- Develop compliance plans
- Adopt policies for all employees
- Facilitate employee training
- Perform quarterly risk assessments
A well-defined, well-documented privacy and security policy is the first step towards minimizing legal exposure to potential violations of federal law related to the handling of PHI.
Beringer Associates is always here to provide expert advice and solutions so please contact us with any questions you may have.