By Nitin Thakor, GeBBS President & CEO
The HHS Office for Civil Rights (OCR) recently imposed heavy monetary fines and acceptance of resolution agreements and corrective action plans on two provider organizations following substantial violations of the HIPAA privacy and security rules.
About 30 organizations to date have now agreed to such sanctions after OCR determined they were essentially ignoring HIPAA.
This action reinforces the importance for healthcare providers to deal with experienced vendors and outsource organizations when it comes to HIPAA compliance. There is no substitute for intense training on how to handle protected health information (PHI). PHI touches almost every aspect of healthcare delivery from revenue cycle management to patient care, and healthcare providers must ensure they are dealing with a partner that completely understands all aspects of HIPAA compliance.
Whether itโs an HIM solution, end-to-end revenue cycle management, insurance billing, or a patient access solution, the company applying these applications to help healthcare providers must understand, and more importantly, apply ALL HIPAA compliance regulations as they use these solutions in the actual delivery of healthcare. Training and experience are the key factors in delivering on HIPAA compliance.
An experienced outsource company will have in place a business associate agreement (BAA) that addresses risk analysis and all potential vulnerabilities to a clientโs electronic protected health information. They will examine where and how their solutions impact PHI and address its protection enterprise-wide throughout the clientโs IT infrastructure.
When it comes to PHI and HIPAA compliance, training and experience do make a big difference.