Therapy Providers and HIPAA – What You Need to Know

As professionals in the medical world, you’re probably familiar with HIPAA legislation. This legislation was designed to help protect patients and their personal and medical information. While you may think your private practice isn’t on the radar of the Office of Civil Rights, private practices are actually more likely to be noncompliant than other entities. Here are a few tips to consider when becoming HIPAA complainant.

1.  Proper Training

Providing employees with proper education when it comes to handling protected health information is key in limiting breaches. In 2016, the No. 2 reason for data breaches were due to privilege misuse at 20.3 percent of all breach cases. Employees should understand their clearance when it comes to dealing with PHI and what to do when it falls in to the incorrect hands.

Human-error doesn’t fall far behind privilege misuse. Having employees trained on proper care for work computers and cell phones can prevent loss or stolen equipment. Proper disposal of medical records and information is a violation that is easily avoided with the correct training. There are numerous software and programs to help employees stay on top of HIPAA compliance and training.

2.  Protect Passwords

Passwords should never be written on a sticky note and left on the monitor or in a drawer. If you struggle with keeping track of passwords, consider using an app that can manage your passwords for you. Programs like LastPass or Dashlane can help you manage your list of passwords and help to ensure strong password strength. Passwords need to be creative and should not be used for multiple accounts. A good mix of letters, numbers and special characters can yield a higher security ranking.

3. Plan, Plan, Plan

Those who fail to plan, plan to fail. There have never been truer words spoken when it comes to HIPAA compliance. You should have compliance policies for your office. A team member needs to be selected as the compliance officer. A risk management plan needs to be developed and a contingency plan if a breach were to occur. Doing the work up front can help prevent having to back track when the unthinkable could happen.

Between January and May of 2016, 2,136,810 patient records we stolen and exposed in the United States. If you think a HIPAA breach or violation wouldn’t happen, think again. These occur every day and your practice needs to be prepared if something was to happen. For more information on becoming HIPAA compliant visit here.