Let’s quickly review why the Office of Civil Rights fined Phoenix Cardiac Surgery $100,000.
- Lack of HIPAA Policies and Procedures
- Lack of HIPAA training for all workforce members
- Lack of a HIPAA Security Risk Assessment
- Lack of assigning the role of HIPAA security official / officer
- Lack of Business Associate Agreements
How HIPAA Secure Now! would’ve helped
Phoenix Cardiac Surgery is a small practice with 5 physicians and fewer than 50 employees. The HIPAA Secure Now! service for an organization of this size is $1,750. Let’s take a look at how the HIPAA Secure Now! service would’ve helped Phoenix Cardiac Surgery.
The HIPAA Secure Now! service provides the following to help organizations comply with the HIPAA Security Rule:
- Written Policies and Procedures. The Policies and Procedures are provided via our HIPAA compliance portal, which all employees can access. Each Policy and Procedure has a brief overview as well as a video that helps explain the Policy.
- HIPAA security training for all employees. Once employees complete the security training, they take a brief HIPAA security compliance quiz on which they must score 80% or better. Employees can take the quiz as many times as they need to reach a passing score. The administrator can access the compliance reports, which show when each employee took the training and what score each employee received.
- Employees are also given access to our HIPAA Security Tips and Reminders, which provide the required periodic security reminders to help employees remember to protect patient information.
- A complete and thorough HIPAA Risk Assessment that looks at where patient data is stored and how it is being protected, and provides recommendations for additional security protections.
- The HIPAA Risk Assessment stresses the need to have Business Associate Agreements in place, as well as to request proof from Business Associates that they have the necessary safeguards in place to protect patient data.
- The HIPAA Risk Assessment stresses the need to appoint a HIPAA security official / officer.
It should be clear that if Phoenix Cardiac Surgery had used the HIPAA Secure Now! service, they would have had many of the safeguards in place and would have avoided much of the $100,000 fine. In hindsight, I am sure they would agree that $1,750 is a small price to pay to avoid $100,000 in fines.