Are Your HIPAA Practices In Good Shape?
The Health Insurance Portability and Accountability Act (HIPAA) regulates a great deal of the medical community. Each individual has the right to control the sharing of their health information. Companies and practices that mishandle this are wide open to significant liability.
At Weiss Zarett Brofman Sonnenklar & Levy, P.C., our practice helps clients manage the difficulties of HIPAA security. It’s a vital effort and one that companies get wrong frequently. With our experience, knowledge and dedication, you can put yourself in a good place.
What You Should Know About HIPAA Compliance
HIPAA compliance is largely regulated by two organizations – Health and Human Services (HHS) and the Office for Civil Rights (OCR). HHS periodically audits a sample of covered entities and business associates for HIPAA compliance under the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) regulates compliance. The agency can be a formidable opponent, as it is aggressively enforcing the regulations. The OCR focuses on these areas:
- Notice of Practices: Required content for HIPAA-mandated Notice of Privacy Practices, including content related to individual rights and the use of plain language as required by the Privacy Rule.
- Breach Notification to Individuals: Failure to include the required description of Protected Health Information (PHI) and steps for individual protection.
- Individual Right of Access: Failure to correctly implement individual right-of-access requirements, such as granting reasonable access to PHI records within 30 days and charging a reasonable cost-based fee. Due to Electronic Health Records (EHR), health care entities and business associates should only charge per-page fees that represent the actual cost of the paper and manpower to print the record.
- HIPAA Security Rule: Failure to implement the detailed requirements for risk analysis and risk management.
Failure to comply with the Notice of Privacy Practices requirements, the HIPAA Breach Notification Rule, the individual right of access to health information rule and the HIPAA Security Rule can be costly.
Thoroughly Identifying Security Risks
Our lawyers take every available step to help our clients protect health information in their custody. We empower our clients to succeed in their duty to provide patients with understandable documents that describe their HIPAA rights and their timely and cost-based access to their medical records.
It is critical for covered entities, including health care entities and business associates, to know the minimum requirements for HIPAA compliance. Learn more from us by calling 516-627-7000 or by sending us an email using this form.