Protecting Against A HIPAA Breach

April 15th, 2015 - By PrognoCIS Marketing

Despite recent changes to the Health Insurance Portability and Accountability Act (HIPAA) that may put more practices at risk, many have not yet established proper defense against data breaches.

HIPAA privacy rules establish standards for the handling and use of patient health information (PHI). These standards protect the integrity of PHI and require authorization to share information between practices and healthcare organizations.

Unfortunately, many practices do not yet possess a complete HIPAA security and privacy compliance program. Supporting HIPAA security and privacy is a necessity for virtually all practices. Making HIPAA compliance part of the practice’s strategy will improve operations, making the organization both more reliable and more effective.

HIPAA in the practice
In some practices, the Notice of Privacy Practices (NPP) is years old or taken from another practice. Like other HIPAA compliance tools, the Notice of Privacy Practices should be customizable. Any NPP created before 2013 needs to be updated. Adding an EHR to the practice, changing procedures, or using new service plans may also call for an updated NPP.

HIPAA requires that practices maintain all documentation on HIPAA policies and procedures used to comply with the requirements. A practice should customize these policies and procedures to accommodate its strengths and weaknesses. Policies and procedures will differ for a variety of service, operational and technical issues.

HIPAA also requires a privacy officer to monitor HIPAA privacy compliance and a security officer for HIPAA security. In smaller practices, one individual may take on both responsibilities. These officers are responsible for current documents, training, and compliance, as well as any and all HIPAA problems. These HIPAA privacy and security officers need to be well trained and closely involved in developing the compliance program for the practice. The officers must adapt as the practice evolves to meet changes in the healthcare industry.

Staff and doctors must undergo training on practice-specific issues when they are hired and complete refresher courses on a periodic basis. Using web meeting services and other technologies, practices can record a training session to support the HIPAA training requirements. However, it must be noted that general HIPAA training on the Internet may not address any practice-specific problems.

Dealing with a breach
A HIPAA breach is defined as the procurement, access, use, or release of PHI that is not permitted by HIPAA privacy rules. How a practice handles impermissible use and disclosures could be used to determine the nature of an actual breach. This can also reflect on HIPAA compliance. Any analysis of HIPAA compliance could include a review of impermissible use and disclosure as well as a look at the practice’s policies and procedures, training records, and risk assessments. If documentation is poor, outdated, or has avoided acknowledgment of breaches, then a practice could be at risk for greater financial penalties.

Meeting security standards
One of the more challenging problems for many practices is meeting the HIPAA security requirements. To meet HIPAA security standards, practices must perform a HIPAA security risk analysis. This analysis is also a Meaningful Use requirement.

Some practices think that use of an EHR alone fulfills the requirement. However, failure to perform an adequate assessment can result in returning meaningful use incentives or HIPAA financial penalties. has an assessment tool that practices may want to consider. Practices should customize the tool to address the specifics of their organization or practice.

Failure to comply with HIPAA standards and procedures could ultimately result in HIPAA violations and financial penalties.

Author: Lauren Daniels
