Move Beyond HIPAA 101 and More OCR Fines on the Way

Providers especially, and the industry as a whole, continue to struggle with HIPAA compliance. Much of it continues to be a box-checking mentality that physicians and their administrators or CEOs have gotten into, rather than a comprehensive understanding and a dedicated and thorough approach to compliance.

We see it all the time. Our customers want to be compliant because they have to be, but really everyone just wants to check the necessary boxes. We, at The IT Company, have taken a very different approach to compliance, and that is this: "What is the opportunity that compliance affords us to make us better as an organization?" Taking that approach means we are constantly learning about the rule and the requirements, beyond the surface, and we are seeking alignment between the Security Rule and our business objectives.

But the healthcare industry as a whole must move beyond HIPAA 101 and on to where we should be, at master levels.

"At ONC, we hear all of the time that the Health Insurance Portability and Accountability Act (HIPAA) makes it difficult, if not impossible, to move electronic health data when and where it is needed for patient care and health. This is a misconception, but unfortunately one that is widespread. ... What many people don't realize is that HIPAA not only protects personal health information from misuse, but also enables that personal health information to be accessed, used, or disclosed interoperably, when and where it is needed for patient care."

These two articles are great reminders of what and where we need to be:

OCR on HIPAA enforcement: 'We may have more fines in the future'

Moving beyond HIPAA 101

October 24th, 2016 | Categories: OCR, Healthcare, HIPAA, Compliance
