10 HIPAA mistakes practices must avoid

Practices that send  e-mail appointment reminders, upgrade their technology, or contract with third party vendors should beware. Absent proper protocols, such actions can expose providers to risk.

Indeed, compliance with the Health Insurance Portability and Accountability Act (HIPAA) is now far more complex than it was before regulators cracked down, delivering bigger fines and aggressive enforcement.    

“I think many practices are looking at HIPAA as it used to be and enforcement as it used to be and we don’t live in that world anymore,” says Jeffrey Zeskind, MS, chief executive officer of HIPAA-Consultants.com, a privacy compliance consulting firm in Miami, Florida. “There are a lot of hospitals, clinics and medical groups out there hoping they don’t get any attention from the government and that’s foolhardy. In the event of an audit, good intentions aren’t enough.” 

 

7 ways to prepare for 2016 HIPAA audits

Despite widespread awareness of the need to store and send sensitive patient data securely, physicians and practices run afoul of HIPAA rules on a regular basis, which opens the door to both civil and criminal penalties. Others invite formal complaints by failing to communicate with patients effectively and undertraining their staff. 

Indeed, as more audits are conducted and penalties grow more severe, practices must put safeguards in place to protect not just their patients but themselves. To that end, it helps to explore the HIPAA mistakes that ensnare healthcare providers most often, but are easy to avoid.

Internal server error