Lab19 IT Consulting has years of experience creating HIPAA-compliant systems for our clients. Focusing on security for both you and your clients, we create solutions and connect you with the best vendors available to help bring you an end-to-end solution.
New HITECH Act Requirements and Audits (Active October 2014)
As of October 2014, it is now mandatory that any systems dealing with the health care industry comply with the new legislation included within the HITECH Act. The Office of Civil Rights will audit and investigate areas of concern, focused on the level of compliance for both covered entities and business associates.
Any violations will result in penalties ranging from $100 to $50,000 per violation, and can cost firms up to $1.5 million per year.
Signs you may not be HIPAA Compliant
Network and Computers:
How secure is your internal business network, including all computers and mobile devices?
- Are your computers patched?
- Do you have the latest antivirus, anti-malware, and anti-spam protection?
- Are you running the latest operating system on your phone or tablet?
- Are you sending PHI via unencrypted email?
Business Process and Day-to-Day Activities:
HIPAA violations often come from day-to-day activities you would never think of.
- Does your business use Flash Drives?
- Do your employees message each other using systems such as Instant Messenger, Google Chat, Facebook, or text messages?
- Does anyone in your business use Dropbox?
Policies, Procedures, and Paperwork:
Would you survive a simple Audit?
- Have you clearly documented your HIPAA compliance training and maintenance?
- Do you have your policies and procedures readily available for your employees?
- How much time do you spend creating HIPAA mandated reports?
What does HIPAA say?
The HIPAA Security Final Rule states:
- 45 C.F.R. § 164.308(a)(1)(ii)(A) Risk Analysis: Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization].
- 45 C.F.R. § 164.308(a)(1): The Security Management Process standard in the Security Rule requires organizations to:
  - assess potential risks and vulnerabilities to electronic PHI that they maintain or transmit;
  - develop, implement, and maintain appropriate security measures given those anticipated risks; and
  - document those measures and keep them current.
This means that a HIPAA Risk Assessment is required of any organization that deals with protected health information. A Risk Assessment is also required for any organization looking to receive incentives from the Medicare and Medicaid Electronic Health Care Record (EHR) Incentive Programs.
How Lab19 can help
- Risk Assessment of your Networks and Computers
- Risk Assessment of your Business Process and Day-to-Day Activities
Lab19 is HIPAA compliant and is willing to sign a BAA (Business Associate Agreement). The BAA is required of the IT provider if the healthcare provider wants to remain in compliance.