Many healthcare providers are gearing up in 2015 for the HIPAA enforcement that’s slotted to take place throughout the year. In fact, the Office of Civil Rights (OCR) anticipates receiving 17,000+ complaints this year filed for breaches of private patient information.
As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)–so the problem of data breaches is very real.
Enforcement can come with serious fines for violations, too. Accidental violations can cost anywhere from $100-$50,000…even on the first offense.
So what should you be on the lookout for? In this post, we’ll discuss some of the main areas you should beef up security around to prepare for HIPAA enforcement.
1. Update your policies and procedures
The policies and procedures you have need to be updated and checked on a monthly basis to ensure they are accurate within the ever-changing world of HIPAA compliance. These materials serve as the guiding light for employees who work with sensitive information–and unless they have the most up-to-date training and resources available, violations can come without even knowing it.
2. Encrypt data
All patient information should be encrypted both at rest and when it is transported. One of the easiest ways for a breach to occur is by letting patient information be exposed or left in plain sight. Keep patient information safe and take extra pro cautions such as adding tints to your device screens and making sure they lock quickly if left idle.
3. Train Often
Make sure your staff stays fresh with HIPAA regulations by providing on-going training courses that help them retain information. This might come in the form of in-house meetings, webinars, or eLearning courses that use scenario based learning to increase retention rates.
4. Assess your risk
Performing an audit of your HIPAA compliance before an audit comes up will help you eliminate any areas in which you run a risk of being fined for a violation. While this not only helps you improve your security measures, it also means you’re proactively protecting your patients.
Rumor has it that Phase 2 of the HIPAA audits will focus on documentation. Prepare yourself by making sure your documentation ducks are in a row.
Accidents can happen despite our best attempts, but being prepared and conducting an organizational analysis before trouble hits will mitigate your risk (and help you sleep at night.) With a few easy tactics, you can rest easy that your HIPAA enforcement is 100% accurate.