In 1996, the United States Government passed legislation for the privacy and safeguarding of all medical data.
This legislation is known as the Health Insurance Portability and Accountability Act, but is more commonly referred to as HIPAA (which is, thankfully, easier to remember).
Anyone in the healthcare industry who deals with Protected Health Information (PHI) must comply with HIPAA Rules.
What happens if you don’t comply with HIPAA rules?
You have to pay out a lot of money. And I mean a lot. The following healthcare providers didn't fully comply with HIPAA and are great examples of the kind of money we're talking about:
The University of California Los Angeles Health System was fined $865,000 for failing to restrict access to medical records.
North Memorial Health Care of Minnesota had to pay $1.55 million in a settlement for failing to enter into a Business Associate Agreement with a major contractor.
The Memorial Healthcare System received a $5,500,000 penalty for insufficient ePHI access controls.
The Memorial Hermann Health System had to pay $2.4 million in a settlement for disclosing a patient’s PHI in a press release.
It clearly pays to be compliant.
What do you have to do to be HIPAA compliant?
HIPAA compliance is a series of regulatory standards which outline the lawful use and disclosure of PHI.
Healthcare entities must perform ongoing technical and non-technical evaluations to establish if their security policies and procedures meet these regulatory standards.
Don’t be fooled though.
It may sound simple, but HIPAA compliance is never 100% complete.
Changes to medical processes, technology, policies, procedures, staffing, HIPAA rules, and business practices all mean a change to the environment and will easily render a HIPAA certification invalid.
To illustrate this point, researchers found that a total of 285 incidents were reported in the first 6 months of 2019.
Luckily, Process Street is here to help.
HIPAA requires transparency first and foremost, which means activity revolving around regulated data systems may be audited at any time.
The HIPAA compliance checklist that Process Street has created will make sure you are ready for an audit.
We’ve created a series of tasks and questions, based on the advice given by the HHS’ Office for Civil Rights and the HIPAA Journal, about the measures your organization should have in place to keep you HIPAA compliant.
A word of warning!
This checklist allows you to self-evaluate HIPAA compliance in your organization.
However, successfully completing this checklist does not guarantee you are HIPAA compliant.
To be safe, you should always consult a HIPAA compliance expert.
Process Street is super-powered checklists. It’s the easiest way to manage your recurring tasks, procedures and workflows. Create a template and run individual checklists for each member of your team. You can check tasks off as you work through them, set deadlines, add approvals, assign tasks, and track each team member's progress. You can also connect to thousands of Apps through Zapier and automate your workflows even more.