By Aris Medical Solutions
I am sure you have seen the recent HIPAA fines from the Office for Civil Rights (OCR). HIPAA enforcement is like never before and the fines are fierce. We knew this day would come and it has.
We are encouraging all medical practices and business associates to make sure you have all of your HIPAA compliance policies, procedures, and documentation implemented. When you are audited is not the time to discover you forgot something. The OCR is not being very kind.
When you are reviewing your HIPAA policies and procedures and deciding whether or not to implement the “Addressable” standards, be careful. Addressable is NOT optional; you must have reasonable and appropriate safeguards in place. Since there is not enough case law on record, this is a gray area. Just be careful you do not fall into the big black hole! Also, do not skip over any “Required” standards. These are required no matter what size your organization is.
We are seeing fines like $750K for neglecting to have a Business Associate Agreement (BAA) in place before data was released and a $650K fine for a lost IPhone that was not encrypted. Make sure you not only have BAAs in place but the business associate is in fact HIPAA compliant. This the responsibility of each practice. HIPAA enforcement is here and it is not going away anytime soon.
If you are one of the many organizations that simply do not have the time to do this, you are not alone. We offer a full range of services from a Do-It-Yourself HIPAA program to a Full HIPAA Implementation package. Call Aris at 877.659.2467 or click here to schedule a demo.
“Protecting Organizations through Partnership, Education, and Support”
