Decoding HIPAA: How to be compliant without losing your mind.

HIPAA Has Two Parts

1-      HIPAA Privacy – provides individuals with a legal & enforceable right to see and receive copies of PHI

2-      HIPPA Security – requires physicians to protect patients’ electronically stored, protected health information (known as “ePHI”) by using appropriate administrative, physical, and technical safeguards

What does this mean for you?  I get notifications from the HHS Office for Civil Rights (they manage HIPA enforcement), and there are two main things healthcare providers are being fined for

1-      Not giving patients access to their PHI when they request it.  (HIPAA Privacy)

2-      Not having completed a Security Risk Assessment.  (HIPAA Security)

Being compliant with these is quite easy.

1-      Have records request policies and procedures and follow them.  This is as easy as requiring them to fill out a form that tells you what they are requesting and where it should be sent. Then the office sends the needed information promptly.

2-      Back in the day, a Security Risk Assessment was very confusing and challenging to complete; a few hundred pages needed to be completed it was confusing and cumbersome.  Now HHS has provided everyone with a free tool to complete the Security Risk Assessment (sometimes referred to as an analysis)

Need help? Breakthrough Coaching has resources to help you with both aspects of HIPAA.

1-      We have a HIPAA complaint records request form and records request policies and procedures. BTC resource: Form 1167

2-      Video instructions on how to easily complete a HIPAA Risk Assessment for the first time and update it annually in just minutes. BTC resource: AVM 950A-D