Advancements in information technology mean medical data is being stored in new ways. Gone are the days of massive filing cabinets and binders that hold paper health…
A federal upgrade is underway for HIPAA Regulations. Healthcare organizations need to put in place an effective index of compliance standards for personnel to adhere to.
HIPAA, the Health Insurance Portability and Accountability Act, provides privacy standards that protect medical records and PHI (protected health information).
Handling protected health information requires compliance. Organizations must familiarize their staff members with the HIPAA Compliance Checklist 2018.
HIPAA Compliance Checklist 2018
This checklist details the rules concerning privacy, security, and breach. These rules help healthcare organizations maintain effectiveness and efficiency.
Electronic Health Records (EHR & EMR) must be HIPAA compliant
In the past, providers stored patient medical records in onsite and offsite storage. This form of PHI storing still exists.
Currently, health providers use web-based EHR and EMR to store patient medical records. HIPAA regulates who can access and retrieve these records. They also manage how this information is electronically stored.
EHR was designed to minimize medical errors. Because of the risk of bad data, HIPAA requires providers use HIPAA standard software.
As an incentive, the HITECH Act (Health Information Technology for Economic and Clinical Health) was created to assist providers with purchasing compliant EHR or EMR software. This stimulus provides $44,000+ to physicians who comply.
Security defined by HIPAA breaks down into four technical standards. These levels align with administrative and physical safeguards, ensuring protection of patient information.
- Access. Providers must implement procedure limiting access to electronic PHI to authorized personnel only.
- A/C (Audit Controls). Hardware or software must be available to document access in IS (Information Systems). All entries to electronic protected health information require recording.
- Integrity Controls. Controls that ensure electronic PHI is not manipulated or improperly destroyed.
- Transmission Security. Technical security procedures must be in place to protect unauthorized access to e-PHI.
These standards focus on the technology behind protective measures used to safeguard PHI.
Impermissible disclosure of protected health information is a breach. Breaches disrupt the security and privacy of PHI.
In the event of a breach, covered entities must supply affected individuals with a notice of breach. As well, this notice must be released to the Secretary and members of the media.
Affected persons have to be notified in writing by mail or e-mail (if opted in). A provider can not have outdated contact information for more than 10 people. If so, they are required to post a notice on their website homepage for 90 days or put it in the newspaper. The notice should also include a toll-free number.
HIPAA Violations range from $100 to $50,000 per violation–$1.5 million being the annual maximum. In some cases, criminal charges are invoked by the Department of Justice. A covered entity could be fined and sentenced to 10 years in prison, depending on the severity of the breach.
Understand the complexities concerning protected health information. Patients have rights. It is the duty of healthcare organizations to ensure they honor these rights as outlined in the HIPAA Compliance Checklist 2018.
Read through our case studies to get a first-hand glimpse into our IT Services.