HIPAA compliance can be a complex subject, so it is wise to follow best practices; if you are not careful, you can quickly end up on the wrong side of the law. As a national leader in HIPAA safety and compliance training, we receive hundreds of questions about HIPAA regulation. Here are seven of the most frequently asked questions, with answers.
1) What is HIPAA?
According to the Centers for Disease Control and Prevention (CDC), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
2) Who must comply with HIPAA?
There are three groups that must comply with HIPAA requirements. These include:
- Covered Entities
- Business Associates
- Business Associate Subcontractors
3) What types of patient information are protected?
All medical records and other individually identifiable health information created, received, used, or disclosed by a covered entity or business associate, in any form (electronic, paper, or oral), are protected health information (PHI) under HIPAA. Electronic PHI (ePHI) is additionally subject to the HIPAA Security Rule.
4) What happens if someone doesn’t comply with HIPAA?
If a practice is not compliant with HIPAA, the HHS Office for Civil Rights (OCR) can impose civil monetary penalties. These are tiered by level of culpability, starting at $100 per violation for a violation the entity did not know about and could not reasonably have known about, with the total penalty for identical violations of the same provision in a calendar year capped at $1,919,173 (an inflation-adjusted figure that is updated periodically). Criminal penalties, including fines of up to $250,000 and imprisonment, can also be imposed for knowing misuse of PHI. State attorneys general can also bring civil actions and impose penalties.
5) Do I need to retrain employees every year on HIPAA?
Yes. HIPAA requires covered entities and business associates to train their workforce on privacy and security policies and to provide ongoing security awareness reminders; it does not set a fixed interval, but annual retraining is the accepted best practice and the one OCR expects to see documented. The cost of annual training is small compared to the cost of an untrained employee causing a breach. Treat it as a continual investment in your practice and in the protection of your patients' privacy and security.
6) What is a breach?
Under the HIPAA Breach Notification Rule, a breach is an impermissible use or disclosure of PHI under the Privacy Rule that compromises the security or privacy of that PHI. Any impermissible use or disclosure is presumed to be a breach unless the covered entity or business associate demonstrates, through a documented risk assessment, that there is a low probability the PHI has been compromised. That assessment must consider at least four factors: the nature and extent of the PHI involved, the unauthorized person who used or received it, whether the PHI was actually acquired or viewed, and the extent to which the risk has been mitigated.
7) How often should a practice perform a Risk Assessment?
The HIPAA Security Rule requires an accurate and thorough risk analysis of the risks to ePHI, but it does not specify how often it must be repeated; organizations may choose a frequency they deem appropriate. As a best practice, and to meet U.S. Department of Health and Human Services (HHS) expectations, the risk assessment should be reviewed at least annually and updated whenever there is a significant change, such as a new system, a new location, a new business associate, or a security incident.
Experience Better Healthcare Compliance
MedSafe is the nation’s leading one-stop resource for outsourced accreditation and healthcare compliance solutions. For over 20 years, we have been providing peace of mind to hospital groups, private practices, and their business associates. Our suite of onsite and online training services, including OSHA, HIPAA, Corporate Compliance and Code Auditing better equip your practice with the necessary tools and skills to achieve and maintain regulatory billing compliance. MedSafe takes a hands-on approach and works directly with your team to uncover issues and define suitable solutions.