Skip to Main Content

Four HIPAA Compliance Tips for Your Medical Practice

By Tayla Holman February 01, 2017 Posted in: Patient Care , Article

Your patients want to know that their personal information is secure and that the disclosure of protected details happens only when necessary. HIPAA compliance is essential for your medical practice, because it ensures that patients have peace of mind when it comes to the personal information available through their medical records. When you demonstrate a commitment to keeping information secure, you can not only avoid fines, but you can build geniune connections and trust with the people you treat.

Two key aspects of HIPAA, known as the Privacy Rule and Security Rule, are particularly important for medical practices to follow. In general, the Privacy Rule limits the release of health information to what is reasonably needed for the purpose of the disclosure. It also requires the establishment of appropriate safeguards for the confidentiality and security of electronic protected health information (e-PHI).

Although HIPAA was first enacted in 1996, the latest modifications to the regulations, known as the final omnibus rule, went into effect in September 2013. The new rule, detailed by the Department of Health & Human Services, expands patients' privacy protections and allows them to ask for a copy of their electronic medical record. Patients may also instruct providers not to share information about their treatment to their health plan if they pay out of pocket. The omnibus rule also requires providers to request a patient's permission before they market a third-party service to the patient based on their protected health information.

Following these rules is hugely important because, along with gaining the trust and confidence of your patients, you want to avoid any violations, such as theft of patient records, disclosure of information without consent, or lost data, that can result in steep civil or criminal penalties. There are several steps that practices can take to meet HIPAA compliance:

  • Always get patient approval for protected health information transfers. Attorney James Wieland, principal at Ober|Kaler's Health Law Group, says it is important to get explicit approval any time information is transferred to a third party, even if it is at the patient's request. "If you get directions or requests from an individual to transfer their personal health information to a third party, you must get them to clearly state it — in writing — or you will be at risk," he says. Wieland also suggests getting consent from the patient if the information is transferred through nonsecured means.
  • Run a risk analysis. HIPAA requires that organizations that handle protected health information regularly review administrative, physical, and technical safeguards. According to the Department of Health & Human Services, there are four key steps to the risk analysis process: "Evaluate the likelihood and impact of potential risks to e-PHI; implement appropriate security measures to address the risks identified in the risk analysis; document the chosen security measures, and where required, the rationale for adopting those measures; and maintain continuous, reasonable, and appropriate security protections."
  • Conduct employee training. Even with safeguards in place to protect your patients' health information, it's still possible for a violation to occur if employees aren't aware of the rules. HIPAA compliance training should be provided to employees when they first start working at the practice and should be continued annually. This training should include information about the privacy and security rules, violations, and tracking patient record requests. In addition to offering training, your practice should also strengthen its employee password policy and require employees to regularly change the passwords they use to access patients' medical records.
  • Update business associate agreements, policies, and procedures. According to Medical Economics by ModernMedicine, relations with business associates is the second major area of vulnerability when it comes to HIPAA compliance. Under the new rules, business associates have the same responsibility to secure protected health information as providers. They are also subject to the same penalties for HIPAA violations. Your practice should review its agreements with business associates and update them to reflect the fact that they are now liable for HIPAA compliance. Your practice should also update its HIPAA policies and procedures, including its Notice of Privacy Practices.

Securing patient information requires procedures and training, but the effort is worth it when you avoid penalties and secure the trust of your patients. When they know you are looking out for their interests by keeping their information safe, it will go a long way to creating a productive relationship and connection.

5 Questions Women Should Ask Their Primary Care Physician

MAR 01, 2023

Going to the doctor can be stressful. Whether for a general exam or a specific health problem, there is often so much information to process that we don't think to ask questions during our visit or simply feel embarrassed to ask.

Read More Additional information about Dignity Health | 5 Questions Women Should Ask Their Primary Care Physician

The Importance of Prenatal Vitamins

SEP 12, 2022

It's important to remember that vitamins and supplements cannot take the place of a healthy diet. For example, pregnant women should eat multiple servings of fresh green vegetables and foods rich in omega-3 fatty acids. Higher doses of certain vitami...

Read More Additional information about Dignity Health | *

Breastfeeding for Working Moms: 5 Tips to Guide You

SEP 12, 2022

It's often said that breastfeeding is a full-time job. And in those first few weeks of motherhood, when it feels like you're feeding constantly, it certainly can be. But what happens a few months later when you have to go back to work?

Read More Additional information about Dignity Health | How to Make Breastfeeding for Working Moms Easy