Being HIPAA compliant is a nuisance for many businesses. In a digital world of cloud-based solutions, security and compliance are two of the biggest concerns of the SMB owner, and rightfully so.
While HIPAA's implementation has been problematic, the last year has provided some much-needed clarity regarding its requirements. However, there are still a few areas in which offices are not compliant, and they are paying the price. It is usually not a matter of negligence but a lack of understanding.
If you are still uncertain which parts of your IT are non-compliant, don't panic. You are not alone. Most offices that have not hired a managed service provider (MSP) for their IT needs are also falling short of total compliance.
While nothing substitutes for hiring an MSP, these four facts can save you additional headaches in your relationship with HIPAA:
It is not just medical practices, healthcare clearinghouses and health plans that are required to be HIPAA-compliant. Any other business that creates, receives, stores or transmits protected health information on your behalf is a business associate and is legally obligated to comply as well. This includes any accounting or law firms you work with that may already be accessing your files electronically. The best way to avoid trouble is to ask them whether they are HIPAA-compliant and to have a signed business associate agreement in place with each of them. If they are not compliant, cut off their access to your files until they have corrected the issue.
If your office keeps individually identifiable ePHI on-site, such as billing records, appointment information and test results, it must be stored on devices and servers that meet the Security Rule's safeguards: restricted access, audit logging, encryption of the data at rest and tested backups. Keep in mind that HHS does not certify products; a "HIPAA-compliant" device is simply one that is configured and managed to meet these requirements. A lot of medical practices that use cloud-based storage for their EHRs overlook the ePHI that never left the office.
While it is good to have your EHRs on the cloud, make sure the rest of your ePHI is protected as well. If it isn't, you could be facing a costly fine. Once again (the underlying theme should be obvious by now), the advice of an IT specialist is the best way to avoid being fined. The ideal solution is an MSP, which continuously monitors the state of your IT so that gaps are caught before they turn into a compliance failure.
A growing trend is practices investing in telehealth or mHealth. If you are among them, you need to make sure the technology is HIPAA-compliant.
There is no such thing as an HHS "approval" of a telehealth product. Most telehealth platforms are built with HIPAA in mind, but you will usually still need to take one or two measures to make your use of them compliant, such as signing a business associate agreement with the vendor and enabling the platform's encryption and access controls. An IT specialist should have no problem making sure your telehealth setup meets the requirements. It is strongly recommended that you use an MSP for this, as opposed to a one-off IT consultant.
On the other hand, mHealth might be a little more problematic.
We are seeing an increase in hardware and apps that help users keep track of their health and wellness (Fitbit, Apple Watch, S Health). These consumer devices are not themselves covered by HIPAA, but the data they collect becomes ePHI the moment your practice receives and stores it, and this is a field that is still relatively new and therefore subject to constant change. The best assurance of remaining compliant as those changes occur is regular consultation with an IT professional, who can identify whether your use of mHealth data is following the necessary regulations.
By the year 2015 almost all practices have a website. Assuming you are not one of those practices that refuses to step into the 21st century, you must post a current copy of your Notice of Privacy Practices on it: HIPAA's Privacy Rule requires a covered entity whose website describes its services to prominently post the notice there, so that patients can see how their protected health information is used and disclosed. (Never post the protected health information itself.) If you have a website and this notice is not currently posted, we strongly urge you to get this done immediately in order to avoid problems and fines.
As technology evolves, so do HIPAA requirements. This is yet another reason why retaining the services and protection of an MSP is crucial.
Still not sure if you’re 100% HIPAA-compliant?
At Delaney Computer Services, our team of experts can analyze your current situation and take corrective measures to ensure you are not at risk of legal or financial penalties. Just call 844-TECHIES and your IT can be one less item on your list of worries.