HIPAA is an act that everyone in the healthcare industry is well aware of. It aims to keep American patients’ health information safe by making sure it remains private to only those who need it within the healthcare sector.
A healthcare outfit can have massive fines sanctioned against it for any breach of HIPAA.
HIPAA was originally enacted in 1996. Today the landscape that it governs has completely changed, with health information such as patient records now stored electronically. This adds a whole new host of challenges for HIPAA.
H2: Changes in HIPAA Enforcement
The Office of Civil Rights (OCR) has been requesting feedback on how to help HIPAA evolve for the modern-day world. Changes in the pipeline include changes to how healthcare organizations work together, as well as a move to value-based health care and additions which will permit outfits to be more efficient in tackling the opioid crisis.
There will also be some changes in how the law is enforced. 2018 broke new records for HIPAA compliance financial penalties, as OCR collected over $28 million. OCR is planning on charging institutions for delays and denial of access to patients’ records. Another proposal is linked to overcharging patients.
Additionally, OCR is planning on becoming stricter with compliance violations.
H2: Becoming HIPAA compliant in 2019
There are many must-do steps to make your company HIPAA certified in time for 2019. The first thing you should do is review the electronic records at your offices.
Search for any flaws that could lead to security breaches. Hiring a healthcare security consultant is a wise move. They can assist in studying your security program to ensure it is strong enough and prepared for HIPAA certification. They can also create a report that shows the state of the system and outlines the steps that need to be taken. Following this, you will need to address any issues with your security as outlined by the consultant. They will be able to give you suggestions on what needs to be done.
HIPAA states that healthcare facilities should conduct tests to ensure that they are being operated in accordance with the law. Healthcare entities have to document the results of these tests to stop any potential leaks ahead of time.
The easiest way to complete these tests is via an automated system created by a security professional. Some systems even include predefined event reports which allow you to sort by data type and date source. This makes it easy to sort the information.
Following this, you need to put steps in place to record breaches of the data.
Healthcare entities must, by law, report any HIPAA leaks. The security platform that helped you set up the automatic reporting can help you with a system to record this. If you use a cloud, make sure whatever you use searches for breaches there also.