Is it Time to Conduct a HIPAA Compliance Risk Analysis?

In light of the recent $750,000 settlement agreement reached by The University of Washington Medicine (UWM), following the conclusion of a U.S. Department of Health and Human Services Office for Civil Rights (OCR) investigation into a claim of a potential data breach compromising the medical details of thousands of patients, it might be a good time for medical practices and healthcare organizations of all sizes to review their electronic security protocols. The goal is to ensure that they are not running afoul of HIPAA and patient confidentiality laws, even by accident: it still counts as a breach even if an organization is not aware of it.

“All too often we see covered entities with a limited risk analysis that focuses on a specific system, such as the electronic medical record or that fails to provide appropriate oversight and accountability for all parts of the enterprise,” said OCR Director Jocelyn Samuels. “An effective risk analysis is one that is comprehensive in scope and is conducted across the organization to sufficiently address the risks and vulnerabilities to patient data.”

What to Look Out for When Conducting a HIPAA Compliance Risk Assessment

All covered entities under the Health Insurance Portability and Accountability Act (HIPAA) must ensure organization-wide compliance with the regulations. Covered entities include:

  • Healthcare plans
  • Healthcare providers – doctors, hospitals, clinics, pharmacies, and nursing homes

To run a successful risk assessment that ensures the entire organization and any subsidiaries are compliant, covered entities are encouraged to follow four basic principles:

  • Identify
  • Assess
  • Manage
  • Safeguard

It’s important to know that many breaches of patient confidentiality standards occur by accident: by inadvertently using a computer with malware installed, or by sending information over networks that are not secure. Analyzing your organization’s or practice’s systems for potential vulnerabilities is a good place to start. As the UWM case has shown, HIPAA violations can prove costly after the fact.

Contact a medical billing, coding, and practice management expert

Managing the complexities of the billing, coding, and insurance claims process can be complicated and time-consuming, but collecting your medical practice’s profits should be simple. Contact an expert at ML Medical Billing at (888) 719-7602 to schedule a consultation, and to learn more about how our medical billing and practice management solutions can help your practice become more profitable today! You can also try our free online profit calculator tool.
