3 HIPAA Rules You're Probably Not Complying With


3 HIPAA Rules You're Probably Not Complying With

HIPAA compliance can be a very complex issue. Here are 3 simple steps you can take today to improve your compliance program.

1. Is your website secure? If your website allows patietns to request an appointment and provide details about their condition (such as a "Reason For Appointment" field, or "Message"), this information beomes ePHI. If you don't have an SSL certificate on your appointment request page (the lock icon next to your website address), you're in violation of a HIPAA security rule. You can purchase an SSL certificate for as little as $10/year, and fix this problem today.

1. Do people within your company have access to patient records that they don't need? Accessing the health records of patients for reasons other than those permitted by the Privacy Rule – treatment, payment, and healthcare operations – is a violation of patient privacy. Snooping on healthcare records of family, friends, neighbors, co-workers, and celebrities is one of the most common HIPAA violations committed by employees. When discovered, these violations usually result in termination of employment but could also result in criminal charges for the employee concerned. Restrict access to patient records to employees that truly need access.

3. Failure to Enter into a HIPAA-Compliant Business Associate Agreement. All vendors that are provided with or given access to PHI is another of the most common HIPAA violations are required to sign a Business Associate Agreement (BA Agreement), and you are required to have this on file. Practical examples of companies who must have signed a BA include your IT or tech vendors, medical billing services, cloud storage providers, accountants, attorneys, shredding services, website hosting companies, answering services, marketing agencies, and more.

Creating a custom Business Associate agreement for your practice can be time consuming, and hiring a consultant or outside company to create one can cost thousands of dollars.
Fortunately, PracticeCOMMAND has an excellent Business Associate agreement handbook template for medical practices that can be downloaded as a Word document, allowing you to edit the template as needed.
Simply click here to create your free account, and download our Business Associate Agreement template from our free resource center. You'll also get instant access to amazing discounts on everything from FedEx to VOIP phone systems, and the ability to shop for products from hundreds of vendors, compare prices and check out all in one place!