Well, are you HIPAA compliant? If not you might have some problems shortly because you should have been compliant by now with a comprehensive HIPAA policy written up and all the procedures and processes in place that are needed to comply. You should have regular review meetings set up and a remedial action policy formulated in the case of any non-conformities found during internal audits.
Is all this a foreign language to you? If so, then you have a lot of work to do quickly! All businesses and business associates to which HIPAA applies should have been compliant for some years now, and new businesses should have compliance built into their structure.
In fact, it is lot easier for a new health business to become HIPAA compliant than an existing business, because there are no ingrained practices to train out of your staff, and there is no need to rewrite processes and procedures relating to storage, dissemination and security of health records.
Don’t Ignore the latest Omnibus Rules
The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.
“Much has changed in health care since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”
The changes in the final rulemaking provide the public with increased protection and control of personal health information. The HIPAA Privacy and Security Rules have focused on health care providers, health plans and other entities that process health insurance claims. The changes announced today expand many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors. Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured health information must be reported to HHS.
Individual rights are expanded in important ways. Patients can ask for a copy of their electronic medical record in an electronic form. When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan. The final omnibus rule sets new limits on how information is used and disclosed for marketing and fundraising purposes and prohibits the sale of an individuals’ health information without their permission.
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented,” said HHS Office for Civil Rights Director Leon Rodriguez. “These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
A big mistake: make sure you check out these regulations and be certain that you have not changes to make to comply. These regulate the electronic transmission of certain records relating to health care claims and payments, heath insurance payroll deductions, benefit enrollment and some others that you must make yourself aware of in case HIPAA 5010 relates to you.
Being HIPAA Compliant: The Benefits
That said, what does it mean to your company to be HIPAA compliant? In seeking compliance you should not be looking for benefits for yourself but for your customers and clients. The intention of HIPAA is to improve the security of the private health information of patients of health services referred to as covered entities such as hospitals, physicians, surgeons, dentists, pharmacists, health insurers and so on, and also those that these professionals deal with, known as business associates, who may also have access to such private records.
Business associates include health software providers, data storage services, cleaning services with access to rooms where records are stored, maintenance staff, billing services, payment collection services and on and on. The benefit is to the patient, nobody else, although those business that are HIPAA compliant can benefit by being so.
For example, one of the questions a new patient or client could ask is whether or not your business, hospital or surgery is fully compliant. You will have little chance of securing new customers if you cannot confirm and perhaps also prove that you are. Just as quality management conformance benefited many manufacturing and service industries in securing new customers, so too should HIPAA compliance enable you to get new patients to your surgery or hospital.
Another benefit, if you could call it that, is in avoiding punishment for non-compliance. Unlike the voluntary quality management system ISO 9001, HIPAA is mandatory, and if the health service you are providing is not compliant now then you are liable to fined. However, it would be wrong to consider avoiding punishment to be a benefit, because that is just the same as saying the benefit of not stealing is to avoid being caught thieving.
Credibility of Being HIPAA Compliant
While that may very well be the case for some people, probably the greatest benefit to your business of being HIPAA compliant is your credibility. BY demonstrating that their health records are safe in your hands you will do a lot more for your business, surgery or hospital than any amount of advertising. If people believe that you can be trusted then they will give you their business, and in the USA that can be a lot of business in terms of doctor or dental patients.
There is a great deal of competition, including between third-party suppliers such as software, waste disposal and service facilities. If these businesses can demonstrate that they are already HIPAA compliant and that their system can seamlessly integrate with yours then you will be more likely to offer them the contract than a business that has not yet reached that position.
Compliance offers you a number of benefits, some of which you get by avoiding the consequences of non-compliance! The most beneficial reward of being HIPAA compliant, however, is likely the credibility and stature you gain in the eyes of your patients, customers and clients. This can only be beneficial to your practice or business, and love it or hate it, HIPAA can do a lot for you if you simply comply.