HIPAA Secure Now!
HIPAA Compliance: Will you have a good story?

August 29, 2013 | Posted by Art Gross in Policies and Procedures, Risk Assessment, Security Training

Here is a secret that compliance experts have known for a long time:

It is very difficult to be 100% compliant with HIPAA regulations.

Of course, you have probably seen claims like these:

  • Buy our product and we will make you HIPAA compliant
  • Compliance in a box!
  • Be HIPAA compliant in 30 days!

Snake oil

HIPAA compliance is not a single purchase; you cannot buy a product that makes you compliant. HIPAA compliance is a process. It is about understanding where patient information lives and figuring out how it should be protected. It is an ongoing process in which an organization constantly reevaluates how it protects patient information and keeps looking for ways to increase or refine that protection.

Have a Good Story

You may be saying to yourself: “oh great, this HIPAA stuff is even harder than I thought.” Don’t despair!

It is true that becoming 100% HIPAA compliant, and staying 100% HIPAA compliant, is difficult. In some cases it takes years to reach full HIPAA compliance, and some organizations never get there. And even if you reach 100% compliance, all it takes is one employee violating your policies or procedures and you are no longer 100% compliant. But all is not lost!

If you are concerned about being audited and having to show compliance with HIPAA regulations, then make sure you have a good story to tell. Compliance, whether with HIPAA, OSHA, PCI, SOX, etc., is about showing that you have taken the regulations seriously. Let me be clear: I am not saying you should not strive to be compliant with government regulations. I am saying that audits reveal gaps in compliance, and the size of the gap is what really matters.

You may be asking yourself: “what is a good story?” A good story is your response to the question “are you complying with government regulations?” Before we get to a HIPAA good story, let’s look at being pulled over for speeding on a highway.

The question: “Do you know why I pulled you over?”

  • Great story: “I don’t. I was going 63 mph and the speed limit is 65 mph. I set my cruise control to make sure that I stayed under the speed limit. I obeyed all traffic regulations, drove carefully, and really have no idea why you pulled me over.”
  • Good story: “You pulled me over because I was going 9 miles over the speed limit. Normally I stay within 4 miles of the speed limit and obey traffic regulations, but my spouse just called, my daughter was hurt playing soccer, and I am rushing to the hospital to see them.”
  • No story: “Yes, I was speeding.”

Each of the above stories may affect the penalty for non-compliance with the speed limit. The Great Story shows that you are in compliance. The Good Story admits that you are not in compliance but demonstrates that you understand the requirements and have made an effort to comply. The No Story shows that you may be non-compliant, have no defense, and have made no visible attempt to comply.

Let’s now look at what a good story is with regard to HIPAA compliance. A HIPAA audit is just like being pulled over for speeding: it gives you a chance to show your compliance with HIPAA regulations.

The question: “Have you complied with HIPAA regulations? Show us your HIPAA Risk Assessment, that you have implemented a Risk Management process, that you have HIPAA policies and procedures, that you have trained your employees on HIPAA security, that you have an incident response plan, that you have business associate agreements, that you implemented a disaster recovery plan, etc.”

  • Great story: You produce each of the requested items and can demonstrate that you are 100% in compliance with HIPAA regulations.
  • Good story: You produce your Risk Assessment, you show that you have policies and procedures and have trained your employees, and you explain that you plan to address disaster recovery in the next 6 months. You show that you have business associate agreements for most, but not all, of your business associates.
  • No story: You cannot produce any of the requested items to demonstrate HIPAA compliance.

Once again, your story may affect the penalty for non-compliance. No Story means that you have simply ignored HIPAA requirements. This is referred to as Willful Neglect, and Willful Neglect carries the highest financial penalties (up to $1.5 million). A Good Story shows that you have taken HIPAA requirements seriously and have made an effort to comply with HIPAA regulations; if you are penalized, the financial penalties should not be as high as with Willful Neglect, and with a Good Story you may not receive any financial penalties at all. The Great Story shows that you are in compliance with HIPAA regulations, and you should not receive any financial penalties.

So if you get pulled over (for speeding or for HIPAA compliance), make sure you have a good story to tell!

Free HIPAA Security Training!

All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.

Now it is easy to train your employees on protecting patient information!
Tags: Audit, Breach, HIPAA Fine, Policies and Procedures, Risk Assessment, Security Training
