Achieving and maintaining compliance with HIPAA’s complex patient information privacy regulations is one more time-consuming chore adding to the workloads of already overburdened medical office staffs. Between the Affordable Care Act, HIPAA’s new Omnibus Rule and changes to Medicare and Medicaid, the flurry of new paperwork threatens to overwhelm physician and dental practices, taking staff time away from other important duties.
Dentistry IQ recently posted helpful tips on streamlining HIPAA-compliance procedures. In addition to designating a HIPAA-compliance officer and bringing all office policies and procedures into HIPAA compliance (see our previous post), medical office managers should find the following recommendations helpful:
3. Perform a risk analysis of all medical office practices and procedures with special attention to the handling of Electronic Protected Health Information (ePHI). Omnibus rules now require that you look for potential vulnerabilities not only in your primary in-house systems but also in business associate systems with which you interface. In addition to electronic record keeping, storage and transfer; your risk analysis should test the security of your medical call answering service and messaging service. To ensure that your medical practice remains in compliance with HIPAA requirements, an annual risk analysis is recommended so take time to establish a formal risk analysis plan that will stand the test of time.
4. Based on your risk assessment, create a documented mitigation plan that addresses the following:
Identification of potential risks
Likelihood of occurrence
Probable consequences to your medical practice
Steps to be taken should a breach occur
Estimated timeline to resolve problems created by a breach
5. Document everything. When HIPAA auditors show up, they will be demanding proof of compliance. Having a well-organized, well-documented plan in place will help you pass with flying colors.