HIPAA OMNIBUS RULES AND DOCTORS IN PRIVATE PRACTICE
Private practice doctors have until Sept. 23, 2013 to implement all the latest HIPAA policies and procedures under the Omnibus rules. These policies and procedures are required in order to comply with all the changes that have been made to the Health Insurance Portability and Accountability Act (HIPAA).
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released the final Omnibus rules in January of 2013 and will start enforcing these rules on Sept. 23, 2013. HHS has made it clear that penalties for healthcare providers found in ‘willful neglect’ can range from $100.00 to $1,500,000.00. The amount of the penalty will depend on the type of violation that the covered entity has committed.
In order to update their compliance programs, doctors in private practice must:
- Perform and document a risk analysis. The risk analysis consists of an accurate and detailed assessment of all the potential risks and vulnerabilities to the confidentiality, integrity and availability of Protected Health Information (PHI) that the practice is exposed to. The outcome of the risk analysis should be documented in a risk management report that describes all of the medical practice’s risks and vulnerabilities with respect to PHI.
- Review and update the medical practice’s policies and procedures for the case in which PHI is lost, stolen or improperly disclosed. The medical practice must ensure that all staff members are properly trained on the updated policies and procedures.
- Make sure that all devices that hold PHI, such as workstations, laptops, tablets, mobile phones, etc., are encrypted. Encrypting these devices prevents PHI from being accessed if a device is lost or stolen.
- Work with their EHR vendor to make sure that the medical practice’s EHR system is updated to flag information that patients do not want the medical practice to share with insurance companies.
- Put in place a process that gives the practice the ability to provide patients with their medical record information in electronic format.
- Review and update the medical practice’s contracts with its business associates. Business associates are people not employed by the practice who have access to PHI.
- Update the notice of privacy practices. The updated notice of privacy practices must be displayed for patients to see and must be posted on the medical practice’s web site.
At Vitruvian MedPro we help medical practices stay out of willful neglect by providing HIPAA Compliance consulting services. As part of these services, we help medical practices perform and document a risk analysis, and we provide them with a thorough risk management report describing their risks and vulnerabilities with respect to PHI.
A free consultation of 30 minutes or less will let you know whether your practice would be found in willful neglect in the case of an audit.
For more information on Vitruvian MedPro’s HIPAA Compliance kit visit: HIPAA Compliance Kit.
At Vitruvian MedPro, a Massachusetts-based medical billing and practice management consulting company, we help medical practices improve cash flow and focus on patient care by providing medical billing, medical coding, and patient collection services. Visit our web site at Vitruvian MedPro.