HIPAA Compliance Tips for Doctors
September 18, 2018
Today’s headlines are filled with accounts of corporate data breaches. Over the past several years, the healthcare sector has been hit especially hard by breaches of protected health information (PHI). A recent study found that 4.2 million US healthcare patient records were compromised in the first half of 2018. Not only are large healthcare organizations being breached, but PHI from small, private medical practices is also being stolen and compromised. As the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) steps up enforcement of PHI breaches, it’s critical to make sure your healthcare practice is HIPAA compliant. In this blog, we offer several tips to help you do that.
Understand the Law
Your medical practice can’t comply with HIPAA if you don’t understand the specifics of the law. Someone within your organization should know HIPAA Privacy Rule requirements so compliance protocols and employee training sessions can be correctly implemented. If you don’t have a staff member who can handle this for you, or for further HIPAA compliance assistance, seek the help of a qualified third party.
Know What to Keep and for How Long
HIPAA gives patients the right to access their PHI. As a result, HIPAA covered entities must keep PHI for six years from the date of creation or last use, whichever comes later. PHI may include the following types of records:
- Medical records
- Images and X-rays
- Insurance information
- Clinical lab test results
- Billing and payment records
- Wellness and disease-management program files
These records should be stored securely during their retention period to prevent unauthorized access to PHI.
Destroy Patient Records in a HIPAA-Compliant Manner
HIPAA covered entities are responsible for the secure disposal of patient information. If your organization is sued for negligence and has failed to apply its destruction policies uniformly, or has destroyed records contrary to policy, courts may allow a jury to infer improper action in treating the patient. The bottom line is that failure to comply with HIPAA could result in heavy fines as well as loss of business for your practice. To avoid consequences like these, partner with a HIPAA-compliant document shredding provider.
Implementing these tips will help your medical practice safeguard the PHI it maintains and stay HIPAA compliant.
The Shred Truck provides NAID AAA Certified, HIPAA-compliant, mobile, on-site paper shredding, and hard drive destruction services in and around St. Louis, Missouri. For more information, please call us at 314-729-9200 or complete the form on this page.