The Rheumatologist
COVID-19 NewsACR Convergence
  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed
  • Home
  • Conditions
    • Rheumatoid Arthritis
    • SLE (Lupus)
    • Crystal Arthritis
      • Gout Resource Center
    • Spondyloarthritis
    • Osteoarthritis
    • Soft Tissue Pain
    • Scleroderma
    • Vasculitis
    • Systemic Inflammatory Syndromes
    • Guidelines
  • Resource Centers
    • Axial Spondyloarthritis Resource Center
    • Gout Resource Center
    • Psoriatic Arthritis Resource Center
    • Rheumatoid Arthritis Resource Center
    • Systemic Lupus Erythematosus Resource Center
  • Drug Updates
    • Biologics & Biosimilars
    • DMARDs & Immunosuppressives
    • Topical Drugs
    • Analgesics
    • Safety
    • Pharma Co. News
  • Professional Topics
    • Ethics
    • Legal
    • Legislation & Advocacy
    • Career Development
      • Certification
      • Education & Training
    • Awards
    • Profiles
    • President’s Perspective
    • Rheuminations
    • Interprofessional Perspective
  • Practice Management
    • Billing/Coding
    • Quality Assurance/Improvement
    • Workforce
    • Facility
    • Patient Perspective
    • Electronic Health Records
    • Apps
    • Information Technology
    • From the College
    • Multimedia
      • Audio
      • Video
  • Resources
    • Issue Archives
    • ACR Convergence
      • Gout Resource Center
      • Axial Spondyloarthritis Resource Center
      • Psoriatic Arthritis
      • Abstracts
      • Meeting Reports
      • ACR Convergence Home
    • American College of Rheumatology
    • ACR ExamRheum
    • Research Reviews
    • ACR Journals
      • Arthritis & Rheumatology
      • Arthritis Care & Research
      • ACR Open Rheumatology
    • Rheumatology Image Library
    • Treatment Guidelines
    • Rheumatology Research Foundation
    • Events
  • About Us
    • Mission/Vision
    • Meet the Authors
    • Meet the Editors
    • Contribute to The Rheumatologist
    • Subscription
    • Contact
  • Advertise
  • Search
You are here: Home / Articles / How to Maintain HIPAA Compliance

How to Maintain HIPAA Compliance

September 1, 2016 • By Kelly Tyrrell

  • Tweet
  • Email
Print-Friendly Version / Save PDF

In 2010, the federal government published a guide, titled Basic Security for the Small Healthcare Practice, complete with best practices and checklists to help small providers achieve and maintain HIPAA compliance.1

You Might Also Like
  • HIPAA Audit Activities Increase in 2016
  • Preparing for Increased HIPAA Audits Among Smaller Rheumatology Providers
  • HIPAA Security Standards: What Rheumatologists Need to Know
Also By This Author
  • Rheumatology Advocates to Visit Capitol Hill

This year, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR)—following a critical report of its HIPAA compliance audit and enforcement practices—is focusing on audits of covered entities (including physicians) of all sizes and their business associates.2

ad goes here:advert-1
ADVERTISEMENT
SCROLL TO CONTINUE

Legal Advice
Rachel Yaffe, a healthcare attorney with McDonald Hopkins LLC, suggests physicians utilize the checklists in the guide to “do an internal check-up, to see whether you’re hitting these big-ticket items and following policies and procedures.”

Consulting a healthcare attorney with HIPAA compliance expertise is one way for physicians to ensure they are ready to undergo an audit, which can carry penalties if the OCR finds violations of the HIPAA Privacy, Security and Breach Notification Rules.

ad goes here:advert-2
ADVERTISEMENT
SCROLL TO CONTINUE

Ms. Yaffe also indicated physicians must have written HIPAA policies and protocols in place and train their employees and staff. They must also have a designated privacy officer. A risk analysis of the practice could help in the event of an audit.

“If you are investigated and you can show you’ve taken internal proactive measures to comply with HIPAA, that will be positively received by the OCR,” Ms. Yaffe says.

Ms. Yaffe adds that the OCR’s expectations are tailored to the nature and size of the particular practice being audited. “The OCR recognizes that the policies, procedures and technologies implemented by a small physician practice are going to be different than those implemented by a large health system.”

ad goes here:advert-3
ADVERTISEMENT
SCROLL TO CONTINUE

One Rheumatologist’s Point of View
Richard Brasington, MD, FACP, professor of medicine and rheumatology fellowship program director at Washington University in St. Louis School of Medicine, has seen his hospital take a number of steps to ensure compliance, which include implementing a HIPAA-secure email system and establishing a patient portal for patient–provider communications.

“I do think it’s good for us to be attentive and always be thinking about how we are protecting patient privacy and confidentiality,” he says of the OCR audits. “But I don’t think anyone finds they never make violations.”

However, he believes most health professionals already strive to protect patient health information. “We can’t be looking over our shoulder constantly,” he says. “We should be using common sense when protecting patient information.”

The Trouble with Texting
Texting, Ms. Yaffe says, is one way physicians leave themselves vulnerable; for example, “the on-call physician texting the treating physician Patient X’s protected health information, albeit in an effort to better Patient X’s care,” she says. “Many are communicating using personal cell phones, which are likely not secure.”

Pages: 1 2 | Single Page

Filed Under: Legal, Practice Management, Professional Topics Tagged With: HIPAA audit, HIPAA compliance, Office for Civil Rights

You Might Also Like:
  • HIPAA Audit Activities Increase in 2016
  • Preparing for Increased HIPAA Audits Among Smaller Rheumatology Providers
  • HIPAA Security Standards: What Rheumatologists Need to Know
  • Phase 2 of HIPAA Audit Program Launches

Simple Tasks

Learn more about the ACR’s public awareness campaign and how you can get involved. Help increase visibility of rheumatic diseases and decrease the number of people left untreated.

Visit the Simple Tasks site »

American College of Rheumatology

Visit the official website for the American College of Rheumatology.

Visit the ACR »

ACR Convergence

Don’t miss rheumatology’s premier scientific meeting for anyone involved in research or the delivery of rheumatologic care or services.

Visit the ACR Convergence site »

The Rheumatologist newsmagazine reports on issues and trends in the management and treatment of rheumatic diseases. The Rheumatologist reaches 11,500 rheumatologists, internists, orthopedic surgeons, nurse practitioners, physician assistants, nurses, and other healthcare professionals who practice, research, or teach in the field of rheumatology.

About Us / Contact Us / Advertise / Privacy Policy / Terms of Use / Cookie Preferences

  • Connect with us:
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Feed

Copyright © 2006–2023 American College of Rheumatology. All rights reserved.

ISSN 1931-3268 (print)
ISSN 1931-3209 (online)