The HIPAA Omnibus Rule is the most significant change to the HIPAA Privacy and Security Rules since they were first introduced and implemented about 18 years ago. Under this rule, civil penalties run up to $50,000 per violation, with an annual cap of $1.5 million for repeated violations of the same provision. With penalties of that size, every practice must make sure it operates according to the HIPAA rules. Here is a list of suggestions to follow in order to ensure your practice is complying with HIPAA:

  • Appoint a security and privacy officer at your practice: this person must be fully informed about the HIPAA Security and Privacy Rules so that he/she becomes the resource from whom other employees learn about them. Every worker should know the rules and be able to report any violation.
  • Keep the Notice of Privacy Practices (NPP) up to date: this notice tells patients how the office will use their health information and informs them of their rights over that information. It should be updated from time to time to reflect changes such as: an authorization is required before psychotherapy notes are released; an authorization is required before PHI is used for marketing, sold, or used for fundraising; health plans may not use patients' genetic information for underwriting; patients may complain about a violation of the rules or about a breach, and such complaints must be handled; a patient has the right to restrict disclosure to a health plan of information about a service the patient has paid for in full out of pocket; and the patient has the right to access that information electronically.
  • Keep Business Associate Agreements (BAAs) up to date: a business associate is an external entity or person that requires PHI in order to deliver services on behalf of the healthcare provider, such as billers, vendors, accountants, etc. The office must have a signed BAA in place before allowing any associate to use PHI. Every BAA must be consistent with the Security Rule, and the associate must report any breach to the office.
  • Keep the breach notification part of the compliance plan up to date: a breach is typically noticed when an employee discovers that PHI has been mishandled. Since 2009 the office has been responsible, whenever a breach was observed, for assessing the level of harm to the patient. Under the Omnibus Rule an impermissible use or disclosure of PHI is presumed to be a breach unless a risk assessment shows a low probability that the PHI was compromised, so every incident must be assessed and classified as high or low risk. The office needs a system for performing these assessments and for promptly notifying patients whose PHI was found to be compromised.
  • Create a log book: record every breach assessment result in this log, along with the breach notifications sent, and keep it for at least 6 years.
  • Keep patients' medical records up to date: this is needed so the office can offer patients an electronic copy of their record.
  • Encrypt PHI: all PHI should be encrypted according to a federal standard (HHS guidance points to NIST-recommended methods), and the office's EHR should be certified. Encrypted PHI whose decryption key has not also been exposed is treated as secured under the breach notification safe harbor, so a lost encrypted laptop or drive is not a reportable breach; this only holds if the encryption keys are stored separately from the data.
  • Implement a process for handling requests for immunization records: schools may need these records, and the Omnibus Rule allows disclosure of proof of immunization to a school when the parent or guardian agrees (the agreement may be oral but must be documented).
  • Provide a proper form for patient requests: this lets a patient restrict disclosure of PHI to a health plan (for example, for a service the patient paid for in full out of pocket).
  • Redraft HIPAA policies and procedures: this is done so that all the changes listed above are written into them.
  • Train employees: all employees should be trained so that they are aware of the HIPAA rules.
  • Educate staff: staff education is required whenever a new regulation about the rules is issued.

If your office is fully in compliance with the HIPAA rules, then it is time to focus on NPPs, BAAs and breach notification. The information provided in this article is only a starting point; make sure all employees are properly educated on every new requirement in the rules.

MpowerMed The Key Piece to a Successful Practice
MpowerMed is a full service medical practice and project management company and we're looking forward to chatting with you to learn more about your organization to see if we can assist you...