PK Tech meets and works with a lot of healthcare practices in Arizona.
A consistent pattern that we come across is that HIPAA is either an afterthought or a no-thought.
We often hear some or all of the following:
- “HIPAA doesn’t apply to our practice.”
- “We don’t see it being enforced, so it’s not on our radar.”
- “We bought a HIPAA package years ago, so we should be good.”
To answer the question of whom HIPAA applies to: do you bill health insurance? If yes, you are a primary target of HIPAA and are classified as a Covered Entity (a healthcare provider that transmits health information electronically for transactions such as insurance claims). The “I” in HIPAA stands for Insurance, and accepting it means you are accepting the burden of complying with over 500 pages of HIPAA regulations.
The risks of non-compliance typically include significant civil fines, being listed on the public-facing HIPAA “Wall of Shame” (the HHS breach portal, which publishes breaches affecting 500 or more individuals), and in severe cases, criminal charges. Another side effect of being on the wrong side of this is reputation damage. If breached, you’ll be required to notify your affected patients what happened. You’ll also have to deal with SEO (Search Engine Optimization) damage when negative press and the government’s Wall of Shame come up when people search for you.
A minimum requirement of HIPAA’s Security Rule is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information, and to keep it current; in practice that means reviewing and updating it at least annually. No one-time package from a conference or association will suffice for this.
Simply put, from a self-protection and logical business decision viewpoint, accepting health insurance payments is a choice that comes with the requirement to protect patient information.
Why do we care?
We are required to comply with HIPAA because we’re a Business Associate to many healthcare practices. We also hold several insurance policies that protect our clients if we’re breached or make a mistake that causes damage. Our insurers require us to take HIPAA and other regulations seriously and to provide evidence that we’re doing it right internally and only implementing compliant solutions for our clients.
Beware of, and walk away from, IT companies or “IT Guys” who aren’t aware of the compliance risks that can shut down their business, and yours, with a single breach.
How can we simplify the HIPAA compliance process?
If you’re a new client subject to HIPAA, and you do not have a comprehensive solution for HIPAA that satisfies its minimum requirement, we’ll include a subscription to Compliancy Group as a part of our quote. Compliancy Group is a company that eats, sleeps, and breathes HIPAA compliance, and we’ve been partnered with them for over three years.
Here’s a rundown on why this is a no-brainer:
- Unlimited support.
Live compliance coaches are a part of the subscription fee and can help with compliance questions.
- Company-wide training.
Quickly train your staff each year and have them attest that they understand what’s expected of them when guarding patient health information. Having proof that your staff went through training puts your business in a better position if there is a breach due to user error.
- HIPAA Seal of Compliance.
Use the industry-recognized seal to separate you from your competition and give patients confidence that you are taking the necessary steps to protect their information. Put the seal on your website, social media, do a press release (here’s ours), and frame the certificate in your office.
- Audit support.
If audited, they’ll provide all documentation and support to the auditors as part of the subscription. Compliancy Group has never failed an audit in the 18 years they’ve been in business.
- Business Associate Management.
Another minimum requirement is maintaining HIPAA contracts (Business Associate Agreements) with every vendor that has access to patient information. Think IT companies, backup vendors, software vendors, outside billing companies, and more. The platform includes legal templates and centralizes the tracking of these agreements.
- Includes HIPAA Breach Insurance.
If you obtain the Seal of Compliance and then have a breach, the platform includes $100,000 of HIPAA Breach Insurance to help cover the costs of fines, legal fees, credit monitoring, and reputational damage.
What does a HIPAA compliance solution cost?
When we sell Compliancy Group to our clients, we include our labor for answering the IT-specific questions that come up during the process and for attending relevant follow-up meetings. This typically takes us over ten hours in the first year, which is a multi-thousand-dollar value to clients. We take this seriously, and we’ll do whatever we can to help you protect your business.
We’re also able to help solve the problems that come up if your business does not yet meet the HIPAA-specific IT security requirements.
For a practice with one location and fewer than 35 employees, it costs less than $5,000/year. Larger practices pay more, but it scales fairly. Reach out if you would like more information on this.
Money is not the only cost of HIPAA compliance: the practice’s primary contact needs to commit time and effort to the process. The first year takes the longest, and follow-up years are much easier. Compliancy Group paired with PK Tech’s assistance makes HIPAA compliance easier than ever.
As mentioned above, not complying with HIPAA carries the risk of fines and reputational damage that make the investment in doing it the right way a fraction of what’s at risk.
Please check out our other HIPAA blogs and reach out to us if you have any questions.