HIPAA violation fines have increased. The new numbers show that, depending on the violation and which tier (1-4) you fall into, you could be on the hook for anywhere from 25K to 1.5MM per category per year in maximum fines. This means that if you are found to be out of compliance and negligent in multiple categories, this number goes up. Cyber-attacks are currently rampant, and the biggest money maker is PHI. PHI on the black market is like gold. If you are out of compliance and it causes a breach, and your company is found negligent, you will be on the hook for a fine and possibly a lawsuit. The list we put together below is a great starter tool to assess your company's current state of compliance.
Is your webpage hosted by a site that is HIPAA compliant?
Does your site have a HIPAA compliance option?
If not, change your host.
Is your site protected by an SSL Certificate?
If not, get one in place.
Are all forms of web communication encrypted, including all web forms?
Contact forms, chatbots, and appointment services offered through your site need to be encrypted.
Do you insist on a Business Associate Contract?
A bill collector going after delinquent payments must follow the same rules regarding protected health information as the nurse who takes a patient's blood pressure.
Have you restricted access to PHI?
Grant the least privileges possible. Not everyone in the office needs access to PHI, and the same goes for online access.
Have you developed and implemented systems for accepting, storing, transmitting, and deleting PHI?
Collecting PHI on unsecured tablets and leaving them in the office is a potential violation. There are so many ways to handle PHI. The key is to find a HIPAA compliant system that works for your staff and that is well known and understood.
Do you provide HIPAA compliance training to everyone with access to PHI?
Make sure all employees know and understand how to carry out HIPAA compliance standards.
HIPAA compliance has so many different aspects that it is extremely important to make sure that you and your staff are up to date on them. The list above is only the tip of the iceberg when it comes to HIPAA compliance. Reaching out to a professional firm that specializes in HIPAA compliance is a great way to ensure your staff is operating within the set guidelines. Patient privacy rights violations and protected health information breaches can lead to an investigation. Below is the HHS.gov HIPAA Complaint Process. It outlines the process from start to finish: from complaint, to investigation, to eventual resolution. Hiring an outside consulting firm will give you an unbiased look at your assets and how well you have protected them.