June 16, 2016|Categories: Healthcare Policy and Reform
As a business owner, my professional conversations with physicians run the gamut, from how my business services can solve their problems, to exchanging ideas and best practices, and offering support in starting and growing a business. I get the feeling that physicians running a medical practice often feel like they have a target on their back because staffing, management, regulations, documentation, and reimbursement have become such big parts of medicine.
Building a business requires tremendous time, money and effort in order to become profitable. The compliance landscape shifts and evolves. Today, a HIPAA Security Risk Analysis has become paramount for almost any medical practice to collect state and federal reimbursements. An often overlooked benefit, however, is the Security Risk Analysis, which can improve the efficiency and professionalism of these same practices.
But how does complying with HIPAA help?
First, HIPAA Security is greatly misunderstood. HIPAA was originally conceived because patients were not able to access their own health information. Today, HIPAA enforcement is the main driver to ensure we don’t mishandle or otherwise treat patient’s protected health information (PHI) with neglect—willful, or not.
Many practices believe that if they complete a quick checklist or perform a risk assessment with an auditor on the phone and get a final report, they are done and have “checked the box.” Like doing a fast tax-return, this quick approach diminishes the value of HIPAA. If embraced, HIPAA’s Security Risk Analysis checklist of best practices provides ongoing benefits, such as:
- Policies and Procedures establish a code of conduct on how staff should represent the clinic in day-to-day interactions with patients.
- Guidance on handling patients, staff, processes and technology provides operational clarity
- Assurance that the IT department makes Electronic Medical Records available (e.g. performance, backups and recovery), complete, accurate and confidential.
- A clear baseline on how to handle all aspects of patient releases, authorizations, business associates and internal operations.
- One aggregated place for information about patient visits can contribute to population health research and disease management.
- Encryption of laptops, desktops, smartphones and all portable media can reduce the risk of having to report a breach by up to 68% (according to OCR breach data for theft, loss and improper disposal).
- Meaningful Use provides incentives and ongoing reimbursements (soon to become MACRA).
- Staff attire, name badges and a proper patient waiting area separate from the clinic complies with HIPAA and improves the professional look and feel of the clinic.
- Training and employee awareness reinforces policies and procedures which drives improved moral and reduces risk to the clinic.
The Bottom Line:
Conducting a HIPAA Security Risk Analysis covers Administrative, Technical and Physical (PAT) safeguards and provides a snapshot into where the clinic is performing well and where improvements are needed. If a HIPAA Security Risk Analysis is the snapshot, then the “moving picture” is the ongoing process of improving gaps in compliance, not only to reduce the chances of a security breach but also to improve the efficiency of the healthcare office. For a quick 5-minute assessment, take our high-level HIPAA Security Assessment quiz and see how your practice fares against the top 13 most overlooked items.
Take the quiz, and the results say it all: You likely need help.
If you’re an athenahealth client, join Steven Marco, President of HIPAA One; Rich Devlin, CEO of Sentry Healthcare Informatica; and Jonathan Seery, of the athenahealth Meaningful Use Performance team for a webinar on Wednesday, June 29th at 1pm EST covering:
- The history of HIPAA and the SRA requirement
- What makes an SRA successful and audit-proof
- What you can do NOW to kick off your SRA and ensure compliance
athenahealth clients, click here to register for this event.