If you want your business to work with the healthcare industry, you must be informed about HIPAA and its implications for your IT infrastructure. HIPAA is the Health Insurance Portability and Accountability Act. While the goal of HIPAA was to regulate workers’ access to health insurance, it also massively overhauled privacy regulations for electronic medical records.
The penalties for violating HIPAA are severe. Following new legislation in 2009, both business owners and individual employees can suffer up to $1.5 million in annual fines and 10 years of federal imprisonment. But, despite these concerns, small and medium businesses can follow a number of best practices to make working with the healthcare industry a reality.
While HIPAA’s main purpose was to regulate health insurance, it also introduced stringent regulations for handling Protected Health Information (PHI), which is medical information in any format that can be used to identify an individual. The Department of Health and Human Services (HHS) has issued a list of 18 HIPAA Identifiers (PDF) that mark information as PHI.
Some of these identifiers are common sense, such as names, “geographic subdivisions smaller than a state,” and phone numbers. But the list also includes vaguely stated identifiers, such as “account numbers” and “certificate/license numbers.” These broad terms mean a whole range of businesses must be prepared to meet HIPAA regulations, which requires properly secured IT infrastructure as well as comprehensive training and policies.
Proper training ensures your business’s HIPAA compliance. Our advice is to keep it simple. Most employees don’t need to know how to resolve complex compliance matters; instead, your training simply needs to prepare them to identify and report potential violations according to your policies.
Proper compliance policies depend somewhat on the nature of your business, but here are some best practices every business working with PHI should follow.
While some policies will vary by business, what shouldn’t vary is enforcement. Proper training should keep employees informed of the severity of HIPAA violations, but you still need to ensure your business enforces its policies consistently.
The HHS offers a wealth of further information so your business can implement HIPAA compliance.
Do you want further advice on keeping your business IT compliant with HIPAA? Our team has years of experience to offer you. Give GDS in New England a call at (888) 849-6818, or send an email to Info@GDSConnect.com today.
Copyright ©2017 Global Data Systems, Inc. All rights reserved.