The Four Fundamentals of HIPAA

​In 2015, the Office of Civil Rights issued $6 million in fines. In 2016, that number increased to $23 million, a 283 percent jump. So far in 2017, they have issued $17 million in fines with the projection of upward growth.  
Why are all these fines being issued? Lack of a HIPAA compliance program for businesses. Most fines stem from not understanding and implementing the four fundamentals of HIPAA listed below. If you think those numbers seem like a good reason to get your business on track to be HIPAA compliant, you’re right. Read about the four fundamental steps to get your business on the track.

1. Compliance Team: The first step is to assign someone within the office to oversee the HIPAA compliance. When this responsibility is assigned it must be documented so the Office of Civil Rights will be aware if they were to audit your business. The compliance officer will need to receive proper training and evidence will need to be provided for this training occurred.
2. HIPAA Policy and Procedures: Not having policy and procedures in place within your office is a top reason for fines. Your policies and procedures need to be created, shared with employees and documented. At a minimum, the policies will need to be reviewed on an annual basis. You must create the policies structured for your practice or business, and be active in updating, sharing them with employees and documenting this activity.
3. Workforce Training and Awareness: Training will need to be provided to anyone on staff who handles or is in contact with patient records. Once training and updates are provided to staff, records of training should be tracked. There will need to be regular reviews and retesting to ensure understanding and compliance.
4. Security and Risk Assessment: You’ll want to take the time to ask questions about security. Are cabinets that store patient information locked? Are computers password protected? Are doors locked so unauthorized personnel can’t get into medical records? The HIPAA compliance officer must make sure security and risk assessments are completed on a regular basis.

If you’re looking for an easy to use solution to ensure HIPAA compliance, HIPAAwise is your answer! At HIPAAwise, our goal is to simplify the compliance process with our web-based program. To see HIPAAwise for yourself sign up for our free trial and discover how simple it can be to become HIPAA compliant! For any other questions, please contact us here.