Wednesday, March 20, 2013

2013 - The Year for HIPAA Enforcement

Posted by Deborah Frazier, Healthcare IT Sales Manager of BlueWave Computing 678-387-5025.

On January 25th the new HIPAA Omnibus Bill was released.  This bill was in essence a marriage between The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009.

HIPAA Omnibus is a MAJOR Game Changer in the world of Healthcare IT.  Why? 

  1. The enforcements are in place and have already begun. 

  2. Practices are responsible for verifying that their Business Associates (BAs), and their BAs' subcontractors, are HIPAA compliant.

  3. The monetary and civil penalties are substantial.

  4. Hosted services that practices depend on, such as EMR/EHR, Billing, and Patient Management Software, will need to be migrated to a new solution if they are not HIPAA compliant.

  5. The practices will need to be HIPAA compliant to be part of a Health Information Exchange.

  6. Employees and Patients are reporting breaches to the OCR before they ever alert the practice.  Not only do they get a percentage of the fine, they are also protected from any retaliation.

So it is not a question of if practices will be audited for HIPAA, but when.  Since we, BlueWave, established the HIPAA program in 2011, I have spoken to several practices and business associates who were highly confused about what HIPAA actually meant.  During initial conversations most believed they were HIPAA compliant because they had a firewall, antivirus, or password protection.  However, when we peeked under the covers we found they did not have Privacy and Security Manuals, a risk analysis, contingency plans, encryption, etc.  In addition, they had no idea how far and deep the information trail went among their Business Associates and their subcontractors.

Unfortunately, there are no shortcuts to HIPAA compliance.  HIPAA is a very long, thoroughly thought out process. It is a process that will change your entire operations - the way you communicate with staff and patients, the way you safeguard the patient data, and even who you do business with. It is not something to be taken lightly or to sit on the shelf.
 
As the 25th largest IT Support Company in the World, BlueWave has a full, comprehensive set of affordable services to help practices and their business associates get and stay compliant. This includes HIPAA Risk Assessments, Managed Security, Managed IT, Cloud Computing, Disaster Recovery, and Archived solutions. If you would like more information, please call me, Deborah Frazier, at 678-387-5025.