What is Enough to Satisfy HIPAA?

Active and up-to-date policies, procedures, a risk assessment and more. As CardioNet recently discovered, draft policies and procedures are not enough.


CardioNet, a wireless health services provider, paid $2.5 million to settle a 2012 HIPAA violation.

In January 2012, a CardioNet employee’s laptop containing patient data was stolen.

Why the large fine?

The Office of Civil Rights (“OCR”) found that:

  • CardioNet did not have a complete risk assessment,
  • CardioNet’s security policies and procedures were in draft form only,
  • CardioNet was not following its policies and procedures, and
  • CardioNet did not have final policies and procedures for ePHI safeguards.

It is clear the OCR is very serious about having the required HIPAA policies and procedures current, tailored to the healthcare entity, and followed by all employees.

A HIPAA binder on a shelf simply won’t do.

How can you avoid a hefty fine at your practice?

Evaluate your current policies and procedures. Are they tailored for your practice? Do you follow them? Are employees aware of how to follow them?

Update your policies and procedures. Make sure they are compliant with HIPAA and that your office follows them.

Train all of your staff and employees regularly on all policies and HIPAA matters.

Make sure you have recently performed a HIPAA risk assessment. Check that your inventory is up to date.

The best way to avoid hefty fines is through encryption. If possible, encrypt all protected health information to protect both patient data and your practice.
