HIPAAwise

HIPAA Data Breaches - What You Need to Know

10/12/2017


 
Between January and May of 2016, 2,136,810 patient records were stolen and exposed in the United States. This exposure of patient health information can be blamed on security breaches, but do you know what constitutes a breach and how to move forward if one happens?

A security breach is defined as the “acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.” Most people probably think breaches occur when their system is hacked, but in reality a breach can happen in numerous ways, including:
  • Hacking/IT Incident
  • Improper Disposal of PHI
  • Unauthorized Access/Disclosure
  • Theft and Loss of Laptops and Records

These breaches can occur by simply sending a fax or email to the wrong person, having your computer stolen after leaving it in your car, or even opening an email with ransomware. That’s why it’s imperative for employees to be properly trained and to keep records of their training, which can be done using HIPAAwise™ - The van Halem Group Solution.

But on the unfortunate chance a breach happens to your organization, what steps do you need to take to mitigate the situation?
  1. Have a Plan in Place: The first step is to have a HIPAA Compliance Plan in place so your team knows what to do and the next steps to take. This can help ensure you remain in compliance and all requirements are met.
  2. Assess the Situation: You’ll need to determine what actually happened, who it happened to, where it happened, what type of breach it was and what PHI was compromised. Once you’ve reviewed this information you can determine the next steps.
  3. Contact the Correct People: Your office will need to contact the proper authorities if you believe criminal activity occurred. Your patients will also need to be notified about what happened. You’ll need to include the dates when the breach occurred and was discovered, what happened, what information was exposed, how they can protect themselves, what you’re doing to fix the breach and contact information.
  4. Notify U.S. Department of Health and Human Services: Lastly, you’ll need to inform HHS of the breach. There are certain policies and procedures you’ll need to follow and that information can be found here.
Using HIPAAwise™ - The van Halem Group Solution, you can provide employees with awareness training, establish policies and procedures, keep track of breaches and create the required paper trail if your organization were to be audited. If you have any questions about HIPAAwise™ - The van Halem Group Solution please contact us here.

The Importance of HIPAA Training and Awareness for your Staff

8/3/2017


 
Being aware and up to date with HIPAA compliance is critical no matter what sector of healthcare you work in. The proper education is key for keeping yourself and your team up to date in an ever-changing field. Learn more about the benefits of training and awareness concerning HIPAA.
  1. Better Compliance – This may seem like a no-brainer, but when your team is regularly trained and tested on compliance topics, they’re more likely to do what is required for compliance. Having your staff trained and tracking this training in a system like HIPAAwise allows for a document trail if your organization were to be audited.
  2. Understanding of the Violations – Have your team become familiar with the types of violations that can occur. A great resource to share with your team is our ongoing list of HIPAA fines, found here, or have them take a look at breaches that occur throughout the nation, here. For those who interact with patient records on a daily basis, being aware and trained in these situations would be beneficial for your organization.
  3. Ever-Changing Landscape – Those who work in the medical industry know that it’s an ever-changing landscape. That’s why it’s important to regularly send out emails or host meetings and trainings to provide information on any amendments to HIPAA regulation and how they can impact their everyday duties.
When you use a program like HIPAAwise, you’re able to provide the ongoing training that is critical to stay compliant. Each quarter, employees that you select are notified for a review and then a quiz to help ensure they understand. This is all tracked within HIPAAwise to create a paper trail if an audit were to happen. If you’d like to learn more about HIPAAwise and how it can help your organization remain HIPAA compliant, contact us here.

Understanding your HIPAAwise Resources

6/26/2017


 
As the saying goes, “Those who do not learn from history are doomed to repeat it.” Here at HIPAAwise, we’re firm believers in learning from history and using that knowledge to your advantage.

As you work to become HIPAA compliant you may wonder what you could be fined for or how patient health information could be involved in a breach. We understand HIPAA compliance can be confusing at times, and something may be overlooked which could be the difference between being fined and being in compliance.

To better help others understand, we have provided resources to review all HIPAA Fines imposed from 2015 to current. The most recent fines include the mishandling of patient information, the lack of understanding of HIPAA compliance, and no audit controls when employees are terminated or leave the company. To see the full list from the Office of Civil Rights, click here. Clicking a settlement will take you to the Health Information Privacy page for a longer description of the violation.

In 2016, the number of security breaches increased 40 percent over 2015. Breaches occur every day, including loss, theft, hacking or IT incidents, and unauthorized access to patient information. Employees should be properly trained to help prevent breaches, including but not limited to knowing not to click on links from email addresses they aren’t familiar with, properly disposing of patient records, and working with business associates to ensure all policies and procedures are being followed properly. To view the Office of Civil Rights Breach Report, click here. Due to the sheer number of breaches, you can filter by the type of breach in the top left hand corner.
​
If you’re looking to avoid situations found within the resources, sign up for a free trial with us. Our system is easy to use, and will take you beyond the four fundamentals of HIPAA, to ensure HIPAA compliance is met. If you have more questions please contact us here. 

The Four Fundamentals of HIPAA

6/7/2017


 
​In 2015, the Office of Civil Rights issued $6 million in fines. In 2016, that number increased to $23 million, a 283 percent jump. So far in 2017, they have issued $17 million in fines with the projection of upward growth.  
Why are all these fines being issued? Lack of a HIPAA compliance program for businesses. Most fines stem from not understanding and implementing the four fundamentals of HIPAA listed below. If you think those numbers seem like a good reason to get your business on track to be HIPAA compliant, you’re right. Read about the four fundamental steps to get your business on track.
  1. Compliance Team: The first step is to assign someone within the office to oversee HIPAA compliance. When this responsibility is assigned it must be documented so the Office of Civil Rights will be aware if they were to audit your business. The compliance officer will need to receive proper training, and evidence will need to be provided that this training occurred.
  2. HIPAA Policy and Procedures: Not having policy and procedures in place within your office is a top reason for fines. Your policies and procedures need to be created, shared with employees and documented. At a minimum, the policies will need to be reviewed on an annual basis. You must create the policies structured for your practice or business, and be active in updating, sharing them with employees and documenting this activity.
  3. Workforce Training and Awareness: Training will need to be provided to anyone on staff who handles or is in contact with patient records. Once training and updates are provided to staff, records of training should be tracked. There will need to be regular reviews and retesting to ensure understanding and compliance.
  4. Security and Risk Assessment: You’ll want to take the time to ask questions about security. Are cabinets that store patient information locked? Are computers password protected? Are doors locked so unauthorized personnel can’t get into medical records? The HIPAA compliance officer must make sure security and risk assessments are completed on a regular basis.
If you’re looking for an easy to use solution to ensure HIPAA compliance, HIPAAwise is your answer! At HIPAAwise, our goal is to simplify the compliance process with our web-based program. To see HIPAAwise for yourself sign up for our free trial and discover how simple it can be to become HIPAA compliant! For any other questions, please contact us here.