Michael Johnson , September 15, 2017

Make sure you are!

OCR’s new enforcement head is watching you more closely, and changes are coming in 2018!

HIPAA Compliant

Federal HIPAA administrators are ready for action: they’re on the lookout for organizations that aren’t staying up to date with changing regulations. Learn what it takes to stay safe and compliant.

Have you ever had a teacher or boss who went out of their way to make an example of someone? –Catching them in the act of something what was wrong or against the rules?

That’s exactly what the new head of the Office of Civil Rights is doing in his search for a “big, juicy, egregious” breach case. He’s out to make an example of one unlucky organization! This means it’s incredibly important for you to review your HIPAA compliance procedures.

The Increasing Complexity of HIPAA Regulations

Healthcare entities are always focused on patient-centered care, but now they’re increasingly distracted by ever-changing HIPAA regulations and compliance.

The life-saving treatment of patients is being helped with new technologies, but with a renewed focus on keeping patient data private, healthcare providers are more overwhelmed than ever. And, it’s the smaller practices that are staggering under the administrative burden of rules and regulations imposed by the federal government.

Costly and complicated IT systems are required to keep pace with the HIPAA information requirements, and interoperability of data standards continue to be serious barriers to full compliance.

The Continually Changing Requirements

Even though the Health Insurance Portability and Accountability Act was enacted on August 21, 1996, there continue to be changed to the requirements added on a regular basis. Major regulatory changes are coming in 2018 that will fundamentally change the way you can record a patient’s medical condition.  This will likely lead to many incorrect filings and compliance issues.

There’s been a 700% increase in the number of codes that must be used to record and report medical procedures, and it’s causing a spike in compliance issues as doctors attempt to make sense of the new conditions. The sheer volume of rules and regulations now exceeds the IRS codes, and are many times more complicated.

The Importance of HIPAA Compliance

All that said, HIPAA is an important part of keeping patient data secure, including PHI (Protected Health Information). Handling of this personally-identifiable information is dictated by a HIPAA rule that allows for release of relevant information to health care professionals tasked with the patient care, while providing higher level of security, data integrity and confidentiality.

Standards are applied to three different types of entities under HIPAA: health care providers, health plans and health care clearinghouses. Protected health information can be in writing, oral or electronic format – All three data types are covered under compliance guidelines.

If HIPAA standards and guidelines aren’t followed, there’s a strong possibility that your healthcare practice or organization will be found in default of government policies and required to pay a stiff fine and could incur additional penalties.

Evolving Threats

The Office of Civil Rights (OCR) is the enforcement agency for HIPAA compliance, and Roger Severino was named director of the regulatory agency in March 2017.

Severino has stated publicly that he is focused on finding new ways to safeguard patient health information that could be released via leaks such as ransomware, physical security breaches or cybersecurity lapses. He’s not being forthcoming about where his search for an egregious error will begin, simply that he will be reviewing all avenues where problems could occur.

With enforcement actions in 2017 exceeding $2.5 million to date due to a stolen laptop computer, it’s unlikely that he will have to look very far or very hard to find a case of sufficient magnitude for his needs.

Organizational Impact

Data breaches themselves can be incredibly expensive due to the requirements for notification of affected individuals. When you add in any damage to consumer trust, the cost of creating a remedy for the breach and compliance costs, the impact can be significant on any size organization.

The OCR is not simply looking for large offenders, they are also actively targeting smaller businesses and practices that may not have the benefit of support from a large technology or office staff to maintain compliance.

The growing threats in the cybersecurity landscape have caused enforcement agencies to continuously look for ways to encourage compliance.

If you have concerns about whether your organization is fully compliant with HIPAA standards, contact InfiNet Solutions at (402) 895--5777 or via email to info@omahait.com. We specialize in creating standardized practices and procedures that will help you maintain conformity with federal guidelines such as HIPAA.