Tag Archives: HIPAA Auditor

HIPAA Audits: Fact or Fiction?

Is Mr. HIPAA Auditor really out there enforcing compliance? The fact is, he may be closer than you think. With the sweeping changes regarding HIPAA Omnibus Rule, tolerance for non-compliance is next to zero. If you have not completed your training to Omnibus Rule Standard, you may be in the dark, but ignorance in this case is NOT bliss! There are numerous forms, extensive protocols that were due in place in your dental office by September 23, 2013. There is no grace period, and there is no “I’ll get to later” attitude tolerated. This is a pressing issue and should be a priority- NOW! The key to a smooth transition into HIPAA Omnibus Rule compliance is a comprehensive, economical, and easily implemented HIPAA Omnibus Rule Training Program. Seeking this training from a reputable,  knowledgeable company is a must.

Still not convinced this should be priority one in your dental office? Not sure if compliance to HIPAA Omnibus Rule is actually enforced? Allow us to present to you some recent actions as a result of non-compliance according to HHS.gov:

 

1.   “The Hospice of Northern Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals.”

2.   Alaska Department of Health and Human Services (DHHS) has agreed to pay the U.S. Department of Health and Human Services’ (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information. OCR’s investigation followed a breach report submitted by Alaska DHHS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The report indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHHS employee.  Over the course of the investigation, OCR found that DHHS did not have adequate policies and procedures in place to safeguard ePHI.  Further, DHHS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.”

3.   Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  This settlement involves the breach of unsecured electronic protected health information (ePHI) of 17,500 individuals who were patients at an ISU clinic.”

 

If you think your practice is under the radar, think again! HIPAA audits can be kicked-off by disgruntled employees, HIPAA-savvy patients, or perhaps another healthcare provider who may make a complaint. The government is obligated to investigate every complaint, even if suspected untrue.

HIPAA Omnibus Rule is not going to go away, a HIPAA compliance company that will guide you through the twists and turns of compliance will be your greatest asset to protect your practice. Look for a compliance training company that will be your advocate in this cumbersome process. A company that will make compliance easy and stands by you when you need them to. Don’t leave yourself open and ripe for the picking!

 

Written by Jill Obrochta and Heather Whitt of Dental Enhancements

 

Top (6) HIPAA Finable Offenses

Is your dental office ready for a HIPAA Audit?  Do you know what HIPAA Auditors will be looking for within your dental office?

HIPAA laws all changed as of September 23, 2013.  The new HIPAA Omnibus Rules can be overwhelming, confusing and difficult to implement. 

It’s important to get your entire team trained up on these new HIPAA Omnibus Rules and also be aware of what HIPAA Auditors will be checking for at your dental office.  Finding a HIPAA Compliance Training Company that will provide comprehensive insight on these new HIPAA laws is critical.  Listed below are HIPAA Auditors top (6) favorite finable HIPAA offenses:

1.        Implementing all new HIPAA Omnibus Rules within your office— This means having all new forms and written policies to the new HIPAA Omnibus Rule standard in place and functioning within your dental office.  This will include:  new Patient Forms, New Proof-of-Employee Training and even new Vendor Confidentiality Agreements to protect your patient’s private information.

2.       New HIPAA Manual written to the new Omnibus Rule Standards— With HIPAA laws changing to this new Omnibus Rule Standard all of your HIPAA  required forms and policies within your HIPAA Manual will need to be revised and updated.  Best to update and obtain a new one.  Also, keep in mind that several forms will need to be updated for patients, employees and vendors with regards to HIPAA.

3.       New HIPAA Omnibus Rule Forms— As aforementioned, you will need new forms for all patients to sign, a new notice of these HIPAA Omnibus Rules, and Business Vendors as well as Employees will need proof-of-acknowledgement that they understand how to handle and protect Patient Protected Heath Information (PHI).

4.       Daily Data Back-Up & Contingency Requirements—  This is a grey area that leaves a lot to interpretation.  But it is also one of the first areas that a HIPAA Auditor will look into.  Make sure you understand how to best have your data backed-up to the standard:  “Off-Site & Encrypted”.  Best Practices will have you backing up to a cloud that is either “live-cloud streaming” or “snapshot” of your important business and patient data.  Talk to a HIPAA internet expert to make sure you get this one right!

5.       Encryption on Out-Going Emails from your office— If your office uses outgoing email accounts like:  Gmail, Hotmail, Yahoo or Aol, and you send patient info within these emails, you will need to add an encryption software to your outgoing emails.  Your current dental software provider,  dental supplier or IT tech can help you secure this HIPAA required service.  Good news is that is does not cost much.  Usually just $2-$3 per month.

6.       Updates to your Microsoft XP Software— As of April 8, 2014 dental offices using Microsoft XP will no longer be HIPAA compliant.  Microsoft will stop providing free updates forcing dental offices to comply with the new Federal Standards.   If you are using computers within your dental office, you must have HIPAA compliant software operational within your office.  Upgrading to Windows 7 or 8 will do the trick.  These are written to the new HIPAA compliance standard.  

How do you feel now?  Are you HIPAA Auditor ready?  If not, stop stalling!  Find a HIPAA Expert that can help you scrutinize your HIPAA protocols and provide all of the forms, training and guidance you will need.  Get “hip” to the new HIPAA Omnibus Rules.

Written by Jill Obrochta and Heather Whitt of Dental Enhancements.