2019 HIPAA Updates

 

As we start this new year we must reflect what we have learned from 2018 in order to make 2019 a success.

The Office for Civil Rights (OCR) has gained momentum in enforcing HIPAA violations. With that said HIPAA is an ongoing process and once is not enough. It is not considered done unless it is documented. At the annual conference this past year, the OCR admitted they are adamant on ensuring your patient’s information is protected. Therefore, you must document your compliance. If you say you did something, they will ask for your documentation. If you do not have documentation, you will be fined.

Companies located in United States are now required to adhere to the General Data Protection Regulation (GDPR) if they market goods and services to citizens of the European Union (EU). You must ensure the security of the data as well as inform visitors to your website how you intend to use their data. This must be clearly written in your privacy notice on website. This is not to be confused with your Notice of Privacy Practices that you give to your patients. If you plan on marketing to visitors from your website, you must offer them a free opt-out option. We could go on in more detail on this subject, but since many medical clinics do not market to international patients, you may contact us for more information.

Here are a few things to review and update as necessary:

  1. Risk analysis and risk management plan, this is your documentation to demonstrate what risks you have (had) and how you have mitigated them or plan to mitigate them.
  2. Replacing or updating any outdated technology, hardware and software require updates from time to time. You can be fined for utilizing outdated hardware/software that is no longer supported by the manufacturer.
  3. Adding a second authentication process for access to ePHI as well as for online personal accounts.
  4. HIPAA training, ensuring your employees understand how to protect your data is also part of this training.
  5. Making sure you have all of the necessary privacy and security policies, procedures, and forms in place. This means reading and dating them to demonstrate they were actually implemented.
  6. Retaining your documentation for the required time limit, including correspondence with patients that are considered to be part of their medical record.
  7. Reviewing your website, determining if your site collects any data and how it is transmitted and stored.

If you see something in your workplace that looks suspicious, tell your HIPAA Compliance Officer, you could be the one to prevent a data breach or stop a data breach from becoming a major breach (over 500 patient records). Keeping data secure is everyone’s business. Being mindful of our surroundings and educating others helps all of us in this crazy world we live in now!

To find out more about how our automated HIPAA compliance platform can help your organization click here:

https://arismedicalsolutions.com/aris-hipaa-service-automated-platform/

Or to schedule a demo click the contact us tab and scroll down.

“Simplifying HIPAA through Automation, Education, and Support”

 

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

Do you have all of your HIPAA training documented?

January 7, 2019

Malicious code, websites, and data breaches

March 15, 2019
©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC