If a medical facility or doctor is found to be negligent in compliance, the repercussions can be severe. They can be as simple as losing clients or bad publicity which can be bad enough. The worst thing to happen is that the government can and will impose fines on the negligent party. Either way, it can mean problems for whatever medical facility or doctor doesn’t comply.
There are five things that a medical facility can do to stay HIPAA compliant. First, it’s important to note that ignorance of the law is not an excuse and an auditor will NOT take this as a reason for violation. That’s why it’s important to know and understand the guidelines while making sure staff is also trained for compliance.
This goes without saying. If the hospital or doctor’s office doesn’t know or understand the guidelines, they cannot be or stay compliant. This also means understanding and adhering to current guidelines while implementing new processes when they come out.
Training the staff is critical in being HIPAA compliant. This goes from the front desk worker checking people in to the executive sitting in the fancy office. No one is immune from knowing the guidelines that come with this important law. Start training early and keep it going throughout the year. Make sure new hires are trained properly as well. Again, ignorance of the law is not an excuse to an auditor.
This may sound simple but in today’s world of technology, it can be difficult. Medical records are meant to stay confidential and keeping them out of the hands of those who don’t need to or have a right to see them is a HUGE part of HIPAA. Electronic records should be kept password and virus protected as much as possible. Written records, if an office or hospital still keeps them should be guarded as well. Reasonable accommodations can be made. If a medical facility has any questions on confidentiality of records, the government can assist.
When it comes to disposing of records, it can be tricky. When it comes to paper files, a shredder should be used to dispose of the records. If an electronic system is used, all hard drives, thumb nails and mobile phones that can contain records should be destroyed. For hard drives, physically smashing them will do the trick. Thumb nail drives can be taken care of the same way if they cannot be completely wiped. As far as cell phones go, they should be cleaned out by the IT department before being given to other co-workers.
As stated in the previous paragraph, mobile devices should be wiped clean. The problem comes in when this isn’t done properly or a device is stolen. Encryption of the data is usually the best way to safeguard the sensitive information but it’s not fool proof. To that end, make every attempt to keep mobile devices out of the hands of non essential personnel.
When it comes to HIPPA compliance, every part of the process is important. Knowing and understanding the guidelines is just the first step. Training staff is also extremely important. If something does get into the wrong hands, have a plan in place to deal with it as soon as it occurs. Disposing of records in a manner that will keep information safe and handling mobile devices is also very important. In the end, making sure the medical facility is compliant with HIPAA will save a lot of headaches and money in the long run when an auditor comes to inspect records.