Views & Analysis from our Experts

How Healthy is Your Organization’s HIPAA Compliance?

Many organizations, above all healthcare providers, health plans, and the vendors that serve them, acquire, store, and transmit Protected Health Information (PHI) in the course of their day-to-day operations. PHI is individually identifiable health information: identifiers such as names, email addresses, phone numbers, account numbers, and Social Security numbers become PHI as soon as they are tied to a person's health condition, treatment, or payment for care.

Yet how well each organization secures its PHI varies dramatically, as does its obligation to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Organizations that meet the definition of a covered entity or business associate under HIPAA must comply with the HIPAA Privacy Rule and Security Rule, which set the requirements for protecting the privacy and security of health information.

Noncompliance can have devastating consequences for an organization, including:

Civil penalties, with fines from $100 to $50,000 per violation depending on the level of culpability, up to an annual cap of $1.5 million for all violations of the same provision (figures are adjusted for inflation)
Criminal penalties of up to $50,000 and one year in prison, rising to $100,000 and five years for offenses committed under false pretenses, and to $250,000 and ten years when PHI is obtained or disclosed with intent to sell it or for commercial advantage, personal gain, or malicious harm

All it takes is one security or privacy breach. As breaches of every kind continue to rise, now is a good time to evaluate the health of your organization's HIPAA compliance. To stay in compliance and minimize your risk of a breach, your organization should have:

An up-to-date and comprehensive HIPAA security and privacy plan, grounded in a documented risk analysis
Comprehensive HIPAA training for employees, repeated for every new hire and whenever policies change
Staff who can recognize PHI in all its forms, whether on paper, on screen, or spoken, including the identifiers that turn health information into PHI
Encryption of PHI at rest and in transit (full-disk encryption on laptops, mobile devices, and removable media) together with strong authentication and password policies

One practical note on the last item: PHI that is encrypted in line with HHS guidance is not "unsecured" PHI under the Breach Notification Rule, so a lost laptop whose disk was encrypted, with the key not lost alongside it, does not by itself trigger breach notification. That makes device encryption one of the highest-value controls on this list.

If your organization doesn't have these safeguards in place, it's time to prepare for the worst and undergo a HIPAA health check.

HIPAA Health Check: A Thorough Diagnosis

Organizations need to understand what they already have in place and where they need to bolster their practices. The fact-finding methods and tools we recommend include (but are not limited to):

Risk analyses covering administrative, physical, and technical safeguards
Reviews of policies, procedures, and business documentation, including business associate agreements
Staff surveys and interviews
IT audits and technical testing of data security, such as access-control reviews, vulnerability scanning, and penetration testing

Once you have diagnosed your organization's "as-is" status, you need to move it toward the "to-be" status, that is, toward HIPAA compliance, by:

Prioritizing your HIPAA security and privacy risks by likelihood and impact
Developing tactics to mitigate those risks
Providing tools and tactics for preventing security and privacy breaches and minimizing their impact
Creating or updating policies, procedures, and business documents, including a HIPAA security and privacy plan

Because each organization is different, there are many factors to weigh as you work through these steps, so customize your approach to your organization's HIPAA-compliance needs.

The Road to Wellness

An ounce of prevention is worth a pound of cure. Don't let a security or privacy breach be what starts your compliance process. Reach out to us for a HIPAA health check, or with any questions about getting your organization on the road to wellness.
