So, you think that the state and federal governments have more important things to do than monitor and punish you?

Think again!

Besides the monitoring done by several agencies, patients themselves can turn in whomever they view as the “culprit.”

Protect Yourself Against Breaches and Decrease HIPAA Penalties

According to David M. Vaughn, the author of “Compliance for Success: OIG and HIPAA,” up to 50% of penalties levied in HIPAA cases reported to date (ranging from $50,000 to $2.3 million) were actually due to a failure to provide written risk evaluations and HIPAA procedures, as opposed to the breaches of privacy themselves.

Mr. Vaughn warns:

“If a breach occurs, the fine will be much lower if you can show you took steps to prevent it.”

He provides the following guidelines:

• Include an indemnity clause in business associate agreements, so if the business associate is responsible for a breach, he or she will pay any fines. Then you are not caught in the broad net that attorneys cast.

• Get $1 million in cyber liability protection to shield your practice should business associates or vendors who handle your protected health information (PHI) go out of business. If you look closely at your medical liability contract, you will find that HIPAA breaches are not protected under your current policy. This is especially important for situations where vendors have a vendetta against you.

• Encrypt PHI-containing electronic devices to protect data that could be retrieved if a device is stolen or lost. Don’t forget that your smartphone and other mobile devices are often vulnerable and should be encrypted as well. There are programs available to protect them (and you!).

• Have clear record and device removal policies that outline how long records can be gone from the office, how they need to be protected while out of the office, etc. This includes copies that you have sent to specialists and referring physicians, where you have no control over information and patient data once it leaves you.

• Hire a third party to conduct periodic risk assessments.

Now that physicians are entering the social media arena, this is a prime area of vulnerability. You never know whose eyes are watching your site.

Remember to have a statement informing the viewer that the information on your social media site is for educational purposes only and that if a specific health problem needs to be addressed, then that individual needs to contact the physician directly or make an appointment for further evaluation.

Times are challenging now when it comes to documentation, but to ignore this is a costly mistake!
