Physicians working to comply with the standards established by the Health Insurance Portability and Accountability Act (HIPAA) face uphill battles at their practices. Regulatory updates and technological advances shift faster than most facilities can evolve internal processes, leaving a wake of challenges to navigate with each transition.
Getting lost in translation
The Final Omnibus Rule from HIPAA was issued in 2013, but some healthcare providers remain unaware of the associated policy updates. Currently, 36 percent of medical office professionals lack crucial understanding of HIPAA’s regulations, with an additional 33 percent failing to comprehend the audit strategies implemented by the U.S. Department of Health and Human Services’ Office for Civil Rights.
As part of federal initiatives to reform the industry, healthcare professionals are instructed to conduct self-audits to ensure their patient health information is secure. However, only one-third of practices performed formal risk analyses to assess the potential for inappropriate disclosures of PHI. This is a very dangerous pitfall, especially considering the current proliferation of handheld devices at medical practices.
With only 1 in 4 providers cataloging at least three-quarters of their practices’ electronic devices that carry patient data, physicians leave clinical information at risk of malicious leaks. This absence of accountability can pose a significant threat to revenue cycle management.
Decreasing the risk of fines
In 2013, 34 percent more HIPAA violations were discovered than in 2011. This indicates a startling drop in security measures designed to protect patients – and practices – from illicit electronic activity. In addition, maximum HIPAA fines have increased to $50,000 per violation, which would be on top of any secondary penalties from other agencies and organizations.
With annual fine totals approaching $1.5 million, providers need to find appropriate ways to mitigate the risk of HIPAA violations. Approximately 56 percent of practices have appointed dedicated security officers to continually assess threats and prevent data leaks. However, 30 percent of clinical employees have not participated in HIPAA training sessions, which could provide added layers of protection against hacking.
Practices need to have formal contingency plans in place to alert providers about breach notifications to prevent further loss. With only 45 percent of care centers claiming to have these fail-safes in place, it is evident that more needs to be done to remain HIPAA compliant. Otherwise, practices could have more problems on their hands than implementing EHRs or patient portals for Meaningful Use.
Check out the infographic below to learn more!