
6 Steps to Avoid HIPAA Fines

December 22, 2015 by Boost IT


In 2016 we will see more HIPAA audits and increased HIPAA fines. In 2015, there were 10 times more audits than in the last 10 years combined and currently, 70% of healthcare organizations would fail an audit. This article in Healthcare IT News is an indication of what’s coming.

Here are the 6 Steps to avoid HIPAA fines.

Most Common Mistakes

The two most common mistakes a practice makes in becoming HIPAA compliant are:

  1. thinking that a risk analysis is enough
  2. having an insufficient set of written policies

The rules put forth by the government to comply with HIPAA laws are complex and all of them need to be addressed.

What does the HIPAA law require?

The HIPAA Privacy regulations require healthcare providers and their business associates to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. What does that look like?

  1. Risk Analysis (the discovery of deficiencies that a practice has in relation to the HIPAA Privacy and Security Rule),
  2. Risk Management (the remediation of the deficient items),
  3. Policies and procedures addressing each section of the Privacy and Security Rule,
  4. Vendor management (making sure proper Business Associate Agreements are in place, along with assurances that the Business Associate is complying with the HIPAA Security Rule),
  5. Staff attestation (each staff member has attested to every privacy and security policy, has taken a HIPAA 101 training course, and has successfully attested that they understand the basics of HIPAA).

How to Avoid HIPAA Fines?

The best way to avoid being fined by an auditor is to show due diligence. What is that? It is making a good faith effort in complying with the rules, documenting all findings, and being able to show anyone your compliance plan and efforts.

Detailed HIPAA fines or penalties can be found at the American Medical Association.

The 6 Steps:

  1. You must have a risk analysis that audits you for administrative risk (policies and procedures), technical risk (how you are safeguarding access to, and protection of, the ePHI that resides on your systems), and physical risk (how you are protecting the data within the four walls of your site or sites).
  2. You must remediate (fix) all deficiencies that were found during the risk analysis and document what you did to resolve each deficiency.
  3. You must have policies and procedures covering all aspects of HIPAA Privacy and Security and HITECH (breach notification).
  4. You must educate your staff with training and track their attestation that they understand all the new policies and procedures you have put into place to safeguard protected health information.
  5. You must identify your business associates (BA) and make sure you have up-to-date BA agreements in place. If possible, get assurances that each BA you share data with is complying with the HIPAA Security Rule.
  6. Finally, you need to create a culture of compliance in which everyone takes HIPAA and the safeguarding of ePHI to a different level of protection.

Contact us at 404-865-1289 if your healthcare organization needs a risk assessment or compliance support. Some information courtesy of The Compliancy Group.
