HIPAA Requirements and Software updates

Many medical providers are so busy trying to run a successful practice they sometimes forget the “technical” side of their business. Hackers know this and capitalize on it. Lately in the news, we have heard about Microsoft and Apple vulnerabilities that have been exploited by spammers and hackers. Therefore, it is SO important to stay on top of technology updates!

Most practices utilize an IT company of some sort; we recommend an IT company that specializes in network security. We do not recommend that the practice try to do this itself unless the person assigned to the task is well versed in data security.

The Office for Civil Rights recommends an annual HIPAA risk analysis be conducted because technology changes so fast that by the time you implement a new system, an update is probably available. Speaking of the Office for Civil Rights, over the last few years, they have added hundreds of new auditors and now they are advertising for multiple new attorneys to enforce HIPAA. “Who May Apply: This vacancy announcement is open to all US Citizens and may be used to fill multiple positions”.

We have an automated HIPAA Compliance platform to help medical practices and their business associates with the daunting task of updating HIPAA compliance. To learn more about why you should and how to protect your data, read more below.

Over the last 12 years we have learned so much from our clients and have created a system that came out of their suggestions. For example, keeping all policies in one Step so you can easily scroll down to locate the one you need. Also, being able to view the state breach notification requirements. This is especially helpful for those practices that have multiple state locations or patients in more than one state. As we have been onboarding clients, we have had great feedback on the look and ease of use. Here is some information for your review.

Aris’ automated HIPAA system will enable your organization to maintain the HIPAA compliance documentation in an easy-to-follow format. As you know, it only takes one patient complaint, a disgruntled employee, or a data breach to start an investigation from the Office for Civil Rights (OCR), and they sometimes include the Office of Inspector General (OIG) and the Department of Justice (DOJ). Documentation is a main factor in avoiding a desk audit or passing an audit.

Our new system is better than ever. You have the ability to upload your own documents or implement and customize the ones that are included. Plus, as new rules and laws are introduced, we send out notifications of updates so you can review and approve the new policies. For instance, the Information Blocking rule is included, and we are watching for the other updates that are to follow. If you are not familiar with this, our new online HIPAA compliance system may be of interest to you.

Training your employees has never been easier. After you enter your employees during the onboarding process, you can send them to take an online HIPAA training course that is included. Once they complete the course, they will be required to take a short quiz, and their certification of completion is conveniently stored within the system should you be audited.

The entire system educates the client every step of the way to ensure you understand what is required under HIPAA. If you have questions about HIPAA or need guidance, we offer a support ticketing system that is included with our monthly subscription.

Once you create your login, it is easy to navigate! In the Profile section, you will add employees, business associates, and electronic devices. You may use an Excel spreadsheet to upload each section or enter them individually. From here you can send employees the Confidentiality and Acceptable Use agreement via DocuSign to ensure employees understand what is acceptable and what is not permitted. If you do not have a business associate agreement in place with all your vendors, you have the option of sending one via DocuSign or printing a copy and sending one instead. The inventory list is a great way to keep track of which devices have had ePHI located on them, so you know the method to retire equipment when the time comes.

Step 1 – You will answer a series of questions to uncover risks and vulnerabilities. A risk management plan will be generated automatically that outlines what is needed to mitigate the vulnerabilities that were uncovered. You may modify what is recommended if you choose.

Step 2 – Security Incident Procedures and Breach Notification Plan. You will select the states in which your patients are located, and the state law will automatically be populated. This plan also includes the links needed in the event of a data breach, large or small.

Step 3 – You will be asked a series of questions about whether or not you have policies and procedures in place that meet the HIPAA Privacy and Security Rule requirements. Each policy will have a side note of education to ensure you understand what is required to be included. We suggest adopting the policies included and modifying them to meet your specific needs; then the policies are automatically dated and approved.

Step 4 – HIPAA Forms and Documentation. You may have forms you are already using; you may upload them to this Step to keep all your forms organized. There are also many forms you may not be aware are required under HIPAA; they are included and available for download in a Word format. You can customize them with your information and logo.

Step 5 – Business Associate agreements. During the creation of your profile, you are asked to add your business associates and upload any existing business associate agreements and HIPAA compliance documentation you may have. You have the option of sending a business associate a BA agreement via DocuSign or you may download a Word format and customize if needed. This is also useful if you have a Business Associate that uses Subcontractors, as you would be able to use this document.

Step 6 – Contingency Plan. You may upload your own contingency plan, or you may choose to complete the one included in this Step.

Step 7 – This step contains a wealth of information. You can take a leisurely stroll to learn more about the HIPAA rules and other requirements that may affect your organization. You have the option to choose which areas to include in your download. We also have a list of affiliates that you may need to complete your compliance requirements.

After you have completed the 7 Steps, you may simply download your package to share your policies and procedures with your employees.

To find out more about how our online HIPAA Keeper™ can help your organization with HIPAA Compliance click here:

https://arismedicalsolutions.com/aris-hipaa-compliance-system-for-medical-offices/

Or to schedule a demo click the contact us tab and scroll down.

“Simplifying HIPAA through Automation, Education, and Support”

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations on how to minimize the risks of data breaches. HIPAA compliance is not an option; it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!
