HIPAA Compliance: Don’t Put Off the Inevitable

The Federal Government Office for Civil Rights announced March 21 that it has begun its second phase of HIPAA audits.

The Office for Civil Rights will verify that groups meet selected HIPAA standards and implementation specifications of the law. See the news here.

With Office for Civil Rights audits, healthcare cyber-crime, and data breaches on the rise – why take the risk? Remember, HIPAA compliance is a never-ending journey rather than a destination.

  • What is the reward for non-compliance?
  • Does the reward outweigh the risk associated with non-compliance?
  • Is the risk worth the fines and audit penalties?

HIPAA laws have advanced for 20 years, as have hackers, theft, and disgruntled patient and staff whistleblowers. Let’s face it, these issues didn’t exist back then but are here today and not going away.

The mandated deadline for HIPAA compliance has passed.

  • HIPAA compliance may not seem like a big deal, but judging by the news of increased breaches, hacks and theft…it should be. The world around us is ever changing and we have to actively adapt to it.
  • According to the Office for Civil Rights (OCR), the top 10 data breaches alone accounted for just over 111 million records that were lost, stolen or inappropriately disclosed.
  • The proposed 2016 budget raises funding for the Office for Civil Rights to $42.7 million – an increase of $3.9 million – which is intended to help it set up a permanent HIPAA audit program.

HIPAA begins

HIPAA was originally passed in 1996 and was not taken seriously because fines for violations were low and the “HIPAA police” were not to be found. HIPAA regulations were enacted to protect patient privacy and your dental practice.

HITECH Act 2009

Congress included tougher security requirements within the HITECH Act introduced in 2009 that came with higher fines, an enforcement budget, random audits and breach investigations. HIPAA came of age and is now the regulatory requirement it was originally intended to be.

Omnibus Final Rule

September 23, 2013 marked the deadline for compliance with the HIPAA Omnibus Final Rule that was issued in January 2013. Among other requirements, all Business Associates must comply with HIPAA to the same extent as dental practices. Business Associates who violate HIPAA now face the same federal civil and criminal penalties as Covered Entities.

Office for Civil Rights

If data privacy and security are not addressed, the Office for Civil Rights can issue fines for non-compliance, while preventable data breaches are likely to impose considerable financial penalties.

The final word

HIPAA compliance is the government standard that secures patient Protected Health Information (PHI). It’s a necessary evil that really isn’t evil, but is required for all dental practices and their Business Associates. It’s also a great way to show patients that your practice is fully committed to protecting their privacy.

HIPAA compliance is not a destination but instead a journey that is fluid and never 100% complete. If dental practice processes change, so does the environment. Anything from staff turnover to technology updates influences these changes. As HIPAA compliance tumbles to the bottom of the priority pile, realize you are merely putting off the inevitable.

Author Ted Takahashi