
HIPAA Audits: Fact or Fiction?

Is Mr. HIPAA Auditor really out there enforcing compliance? The fact is, he may be closer than you think. With the sweeping changes regarding the HIPAA Omnibus Rule, tolerance for non-compliance is next to zero. If you have not completed your training to the Omnibus Rule standard, you may be in the dark, but ignorance in this case is NOT bliss! There are numerous forms and extensive protocols that were due to be in place in your dental office by September 23, 2013. There is no grace period, and no “I’ll get to it later” attitude is tolerated. This is a pressing issue and should be a priority NOW! The key to a smooth transition into HIPAA Omnibus Rule compliance is a comprehensive, economical, and easily implemented HIPAA Omnibus Rule Training Program. Seeking this training from a reputable, knowledgeable company is a must.

Still not convinced this should be priority one in your dental office? Not sure if compliance with the HIPAA Omnibus Rule is actually enforced? Allow us to present some recent actions taken as a result of non-compliance, according to HHS.gov:

1.   “The Hospice of Northern Idaho (HONI) has agreed to pay the U.S. Department of Health and Human Services (HHS) $50,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This is the first settlement involving a breach of unsecured electronic protected health information (ePHI) affecting fewer than 500 individuals.”

2.   “Alaska Department of Health and Human Services (DHHS) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.7 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. Alaska also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information. OCR’s investigation followed a breach report submitted by Alaska DHHS as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The report indicated that a portable electronic storage device (USB hard drive) possibly containing ePHI was stolen from the vehicle of a DHHS employee. Over the course of the investigation, OCR found that DHHS did not have adequate policies and procedures in place to safeguard ePHI. Further, DHHS had not completed a risk analysis, implemented sufficient risk management measures, completed security training for its workforce members, implemented device and media controls, or addressed device and media encryption as required by the HIPAA Security Rule.”

3.   “Idaho State University (ISU) has agreed to pay $400,000 to the U.S. Department of Health and Human Services (HHS) for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This settlement involves the breach of unsecured electronic protected health information (ePHI) of 17,500 individuals who were patients at an ISU clinic.”

If you think your practice is under the radar, think again! HIPAA audits can be kicked off by disgruntled employees, HIPAA-savvy patients, or perhaps another healthcare provider who makes a complaint. The government is obligated to investigate every complaint, even if it is suspected to be untrue.

The HIPAA Omnibus Rule is not going to go away. A HIPAA compliance company that will guide you through the twists and turns of compliance will be your greatest asset in protecting your practice. Look for a compliance training company that will be your advocate in this cumbersome process, one that will make compliance easy and stand by you when you need it to. Don’t leave yourself open and ripe for the picking!

 

Written by Jill Obrochta and Heather Whitt of Dental Enhancements

 

Top 10 HIPAA Compliance Requirements

If you need to put some “hip” into your dental office’s HIPAA compliance, listen up! HIPAA law changed as of September 23, 2013. The government took the 500 pages of HIPAA that existed in January of 2012, added 80 more pages, and combined the two sets to create the new HIPAA Omnibus Rules. These new HIPAA mandates were due to be functioning within all USA healthcare facilities by September 23, 2013. Here is what is important:

 

1.   A HIPAA Manual: written to the new Omnibus Rule standard.

2.   Proof of Employee Training: a training session with particular components needs to be presented to each employee, and all employees need to sign off that they were trained.

3.   Employee Confidentiality Agreements: these need to be kept on file for each employee too.

4.   Business Vendor Confidentiality Agreements: business vendors who “see or use your Patient PHI” need to sign these agreements to protect your patients’ PHI.

5.   New Patient Paperwork.

6.   New Business Protocols with regard to handling Patient Protected Health Information (PHI).

7.   New protocols for handling PHI within your computer systems and email: a good HIPAA training company will interface with your IT tech or dental software company on this one.

8.   New Requirements to Upgrade Microsoft XP to more current HIPAA-supported versions.

9.   New Breach Reporting Protocols: you need to know how to handle accidental or misguided misuse of patient PHI and how to report it promptly.

10.   New Daily Data Back-Up Requirements: again, you will need some interface with your IT tech or dental software company for this one. HIPAA training coaches or your dental supplier can also help explain these requirements.

 

Is your head spinning right about now? It should be! The Omnibus Rules are pretty intense. So are the fines for non-compliance (ranging from $10,000 to $1.5M).

What is an Omnibus anyway? By definition, “omnibus” means “previous published parts combined to create a new volume”. Funnily enough, comic book series are written and republished in this fashion. But, truly, this is no joke! The new HIPAA Omnibus Rules (also referred to as “the Final Rule”) are pretty serious. If you need help wrapping your head around all of this, be sure to choose a compliance company that offers a Complete HIPAA Training Solution: one that offers training, paperwork, electronic versions of required forms, a new HIPAA manual written to the new Final Rule standard, and guided help if you need it.

A great comprehensive training package that will give you everything you need and help you breathe a sigh of relief (as you can speak directly with a HIPAA expert as you implement this stuff) is crucial!

 

Get “hip” to the new HIPAA Omnibus Rules. The risk for non-compliance is just too costly.

 

Written by Jill Obrochta & Heather Whitt of Dental Enhancements.