Will I get caught with my pants down – What catches most doctors off guard – HIPAA On Demand
Original webinar recorded 3/17/2016. The special offer within the webinar is no longer available.
“I have an authorization form that patients sign before releasing information and they can’t see my computer screens or files so I am okay with HIPAA!” WRONG!
Ignorance is no excuse under the law.
HIPAA enforcement has vastly increased!
People are being audited due to meaningful use attestation of electronic medical records, record numbers of patient complaints to Health and Human Services about HIPAA violations, and the implementation of random “desk” audits by the Office of Civil Rights (among other reasons).
You must meet all of the HIPAA standards or you could fall into the category called willful neglect, which carries a minimum $50,000 fine (non-negotiable), up to $1.5 million.
A quick review of some of the highlights you need:
- An adequate HIPAA risk analysis (or you do not have a HIPAA program at all, per Washington DC!).
- A current, up-to-date, periodically reviewed and documented ISAR (now demanded on every meaningful use phase 2 audit, which will include 100% of doctors, per Washington DC).
- A written contingency plan with data recovery and emergency mode operation, plus a copy held by an individual off-site from the clinic.
- An annual audit of your entire HIPAA program.
- All Omnibus rules of 2013 functioning in your office. These update rules were created to plug the holes regarding the use of a patient privacy notice, to redefine business associates who store or transmit your information and must be contracted, and for other areas where they were having problems with breaches. They are therefore looking for these to be functioning in all offices, or fines will be likely!…
This just scratches the surface! Please be on the webinar to learn about other standards that must be met to avoid major, massive fines!
Why am I hearing so much about HIPAA all of a sudden?
- Ever take charts home? Last week a physician healthcare service was fined $289,000 for an office manager transporting patient charts in their car and keeping them at home without the appropriate HIPAA policies in place, as well as not meeting the requirements for transportation and storage of private health information.
- Do you transmit any of your patient health information to a vendor or allow them to access private health information (electronic medical records company, billing service, chart notes software company, IT people who work on your equipment)? January 2016: $250,000 fine against the largest dental billing service for failing to encrypt data. In addition, all contracted dentists have HIPAA liability if they do not have the proper required business associate contracts in place. Will you be a victim if this happens in chiropractic?
- HIPAA was awarded an additional $4 million in the 2016 budget to do random investigations of physician offices. The Office of the Inspector General just investigated the Office of Civil Rights (HIPAA enforcer) and said they were not doing their job! Can you survive an audit? Are you ready with your risk analysis (checklists are not adequate no matter what you’ve been told!), ISAR, the typical hundred pages or so of policies, contingency plan with data recovery and emergency mode operation, physical plant security, and appropriate documented workforce training, as well as meeting an additional dozen HIPAA standards?
- 100% of electronic medical record users to be audited! Have you attested, or are you attesting, for meaningful use phase 1 or phase 2? The government's stated target is to audit 5 to 15% of doctors attesting to meaningful use phase 1 and a whopping 100% of doctors attesting to meaningful use phase 2. These Medicare-sponsored audits are demanding a copy of your HIPAA-compliant risk analysis and ISAR, every time! Plus, the government states that if you don’t have a risk analysis you do not have a HIPAA program at all… the end, period!