HIPAA Compliance: Dos & Don’ts Every Business Needs to Know
Did you know that an average of 59 healthcare data breaches are reported monthly? According to published breach statistics, this is an alarming new record for HIPAA breaches – here’s a look at why HIPAA matters and how you might improve your company’s HIPAA compliance.
What is HIPAA compliance?
HIPAA compliance is a strategy you should have in place to ensure you’re following the privacy safeguarding obligations set out in the Health Insurance Portability and Accountability Act (HIPAA).
- You must comply with HIPAA if your company handles “protected health information” (PHI).
- PHI includes medical records and other personally identifiable data such as names, telephone numbers, and Social Security numbers.
HIPAA protects patients – not organizations. If you fail to comply with one or more HIPAA provisions, whether the violation is deliberate or accidental, you face significant financial penalties, and in the most severe situations, where individuals deliberately break HIPAA rules, even criminal charges. The good news is that you can avoid these penalties if you know the dos and don’ts of HIPAA compliance.
Dos of HIPAA compliance
To improve your HIPAA compliance, here are four good practices to follow.
Educate staff
Worryingly, one in five employees can’t spot the difference between real and fake emails, leaving your organization vulnerable to phishing scams and ransomware. Get help from a security services provider to ensure your staff understands their HIPAA obligations and common cybersecurity threats.
Review policies regularly
Review your cybersecurity policies regularly – at least once every six months or so. If you identify weaknesses, such as outdated security software or documentation, devise a plan for remedying the problem.
Perform HIPAA audits
Perform a HIPAA compliance audit at least once per year or when you make significant changes to your processes. A managed services provider can help if you’re unsure what’s required.
Report breaches
HIPAA requires you to report breaches. You must report breaches affecting 500 or more individuals as soon as possible, and smaller breaches should be reported in a timely manner (at least within the calendar year in which you discovered the breach).
Don’ts of HIPAA compliance
HIPAA compliance often comes down to avoiding certain bad practices, so here’s what not to do.
Forget insurance
Cyber liability insurance can help protect you from internet-based risks like hacks and data breaches. Always have comprehensive insurance in place to cover your business.
Browse records without a reason
Under HIPAA, you should only access records for a work-related reason, so don’t view medical records without just cause.
Leave devices unattended
Keep PHI private by locking computer screens and portable devices when they’re left unattended – even if it’s just for a few minutes.
Forget good security practices
Simple steps like using multi-factor authentication, encryption, and strong passwords can improve your cybersecurity and protect PHI.
Get help with HIPAA compliance
HIPAA is a complex privacy law, and it’s not always easy to make sense of your HIPAA compliance obligations. To avoid financial penalties, loss of income, reputation damage, and other significant sanctions, it’s often worth partnering with an IT provider who understands the regulations and knows how to design an effective compliance strategy for your organization. To learn more about how CTSI can help, contact our team today.