- The continued publication of data breach stories
- OCR audits are fully ramped up now
- The requirement to attest to HIPAA compliance as a requirement of the meaningful use incentive program
- State Attorney Generals are trained to audit on HIPAA and many see fines as a new ‘income’ source for their state
- Recent visibility of breaches and the time and money it takes to deal with them
I don’t have to remind anyone reading this that healthcare is a highly regulated industry and it’s not going to get any better. HIPAA is “low hanging fruit” from a compliance standpoint—as long as you treat it with the ‘seriousness’ it deserves. Get your documentation ducks in a row and train your staff.
I didn’t say it would be easy—it does take time to get the proper documentation in place and actually follow it. You already have to train employees on other topics annually—add HIPAA to the list. Don’t view it as a “check-off” item—make sure the content really meets your needs, is current and updated, and tie it to what you do internally to manage HIPAA compliance.
One size does not fit all. The people calling us today had training in place, but violations were still occurring. The programs were too long (couldn’t get staff to take them), were not up-to-date, were too generic (didn’t incorporate organization-specific information), and the person delivering them was too busy to keep up or all of the above.
Do yourself a favor—make sure your organization is as prepared as possible. We’re all staring at the looming ICD–10 transition in 2014—the last thing you need is to be distracted with HIPAA violations and breaches. BridgeFront has the tools and resources to help you each step of the way.