Tag Archives: Final Rule

The Top 10 Items to Have Ready for a HIPAA Auditor

With the sweeping changes brought in by the HIPAA Omnibus Rule (required to be in place in all healthcare facilities by September 23, 2013), there are some definite items you will want to have ready for any unannounced HIPAA audit. Since January 2014, federal HIPAA enforcement under the Omnibus Rule has been active. Non-compliance can bring civil penalties of up to $1.5 million per year for violations of a single provision, plus an investigation or audit that can run anywhere from 3 to 18 months, managed throughout by the HIPAA auditor. Don’t get caught unprepared!

Here are our top 10 recommendations for looking good during any audit.

1.   Have your team trained to the HIPAA Omnibus Rule standard, with proof of training (dated sign-in sheets or certificates) on file

2.   Have a new HIPAA manual written to the Omnibus Rule standard

3.   Have the required Business Associate Agreements signed by your vendors and on file

4.   Update and use a new patient acknowledgment form (acknowledging receipt of your Notice of Privacy Practices) written to the Omnibus Rule standard

5.   Display the new Notice of Privacy Practices in your office and post it on your website

6.   Complete your data backup and contingency plan in written form

7.   Encrypt any outgoing email that contains Protected Health Information (PHI); standard email offers no guarantee of confidentiality

8.   Keep your data backup offsite and encrypted (a continuously synced, encrypted cloud backup is preferred), and verify periodically that you can actually restore from it

9.   Implement all protocols regarding PHI within your office

10.  Get help from an expert HIPAA coaching service if you are overwhelmed

Don’t wait for that dreaded phone call or visit from a federal HIPAA auditor; make sure you choose a HIPAA coaching service that gives you comprehensive training protocols. We love the comprehensive 2014 HIPAA Omnibus Rule Complete Compliance Package. Get hip to HIPAA, it’s the law!

Written by Jill Obrochta and Heather Whitt

HIPAA Audits: Fact or Fiction?

Is Mr. HIPAA Auditor really out there enforcing compliance? The fact is, he may be closer than you think. With the sweeping changes of the HIPAA Omnibus Rule, tolerance for non-compliance is next to zero. If you have not completed your training to the Omnibus Rule standard, you may be in the dark, but ignorance in this case is NOT bliss! Numerous forms and extensive protocols were due in place in your dental office by September 23, 2013. There is no grace period, and no “I’ll get to it later” attitude is tolerated. This is a pressing issue and should be a priority NOW! The key to a smooth transition into HIPAA Omnibus Rule compliance is a comprehensive, economical, and easily implemented HIPAA Omnibus Rule training program. Seeking this training from a reputable, knowledgeable company is a must.

Still not convinced this should be priority one in your dental office? Not sure whether compliance with the HIPAA Omnibus Rule is actually enforced? Allow us to present some recent enforcement actions resulting from non-compliance, as reported on HHS.gov:

1.   “The Hospice of Northern Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals.”

2.   “Alaska Department of Health and Human Services (DHHS) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information. OCR’s [HHS Office for Civil Rights] investigation followed a breach report submitted by Alaska DHHS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The report indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHHS employee.  Over the course of the investigation, OCR found that DHHS did not have adequate policies and procedures in place to safeguard ePHI.  Further, DHHS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.”

3.   “Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health and Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This settlement involves the breach of unsecured electronic protected health information (ePHI) of 17,500 individuals who were patients at an ISU clinic.”

If you think your practice is under the radar, think again! HIPAA investigations can be kicked off by disgruntled employees, HIPAA-savvy patients, or another healthcare provider who files a complaint. OCR reviews every complaint it receives, and a complaint does not have to turn out to be true to trigger an investigation.

The HIPAA Omnibus Rule is not going away. A HIPAA compliance company that guides you through the twists and turns of compliance will be your greatest asset in protecting your practice. Look for a compliance training company that will be your advocate in this cumbersome process, one that makes compliance easy and stands by you when you need it. Don’t leave yourself open and ripe for the picking!

Written by Jill Obrochta and Heather Whitt of Dental Enhancements

Dental Office HIPAA: 3 Key Factors to Success

Creating a HIPAA compliance program for your dental office can be an arduous task.  Just thinking about implementing the new HIPAA Omnibus Rule can be intimidating, to say the least.  And yes, HIPAA changed as of September 23, 2013.  So if you have not yet updated your HIPAA program to the new Omnibus Rule standards, take heed of our key recommendations for implementing a successful present-day HIPAA program.   Reading the information below can make the difference between complete, comprehensive HIPAA Omnibus Rule compliance and a “heaping HIPAA mess”.

1.   Comprehensive is Key:  In September 2013, the federal HIPAA rules changed.  Make sure to choose a comprehensive HIPAA training solution; implementing this without professional guidance may leave too many loose ends.  These new rules are very prescriptive!  Be sure your program includes:  employee training, a new HIPAA manual (written to Omnibus Rule standards), the required paperwork for your employees and business vendors (including Business Associate Agreements), a breach reporting protocol, and new, updated paperwork for patients too. Note that the new HIPAA standards may be referred to as either “the Omnibus Rule” or “the Final Rule”.  Choose a program that reflects this.

2.   Work with HIPAA Experts:  Make your life easier by choosing experts in this new area of HIPAA law, ones who had legal guidance when writing their program.  Be sure that your HIPAA coaches will also offer updates to their program and that they can speak to all of the new Omnibus Rule requirements with finesse.

3.   Create a Relationship with your HIPAA Coach:  Be sure you can relate to and interact with your new HIPAA coaches with ease.  This subject matter is convoluted and complicated enough!  You want an ally in the HIPAA coach you choose, not a heavy, militant approach.  Be sure that your HIPAA guide is available by phone or email to answer questions and make clarifications as you implement these new, cumbersome protocols.

HIPAA…it’s the new OSHA!  But the new HIPAA rules are even more intense and expensive.  Don’t be caught off guard or out of sync. Get hip with a comprehensive HIPAA solution.

Written by Jill Obrochta & Heather Whitt of Dental Enhancements.