6 Steps to Avoid HIPAA Fines

December 22, 2015 by Boost IT

In 2016 we will see more HIPAA audits and increased HIPAA fines. In 2015, there were 10 times more audits than in the last 10 years combined and currently 70% of healthcare organizations would fail an audit. This article in Healthcare IT News is an indication of what’s coming.

Here are the 6 Steps to avoid HIPAA fines.

Most Common Mistakes

The two most common mistakes a practice makes in becoming HIPAA compliant are:

  1. Thinking that a risk analysis is enough.
  2. Having an insufficient set of written policies.

The rules put forth by the government to comply with HIPAA laws are complex and all of them need to be addressed.

What does the HIPAA law require?

The HIPAA Privacy regulations require health care providers and their business associates to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. What does that look like?

  1. Risk Analysis (the discovery of deficiencies that a practice has in relation to the HIPAA Privacy and Security Rule).
  2. Risk Management (the remediation of the deficient items).
  3. Policies and procedures addressing each section of the Privacy and Security Rule.
  4. Vendor management (making sure proper Business Associate Agreements are in place, along with assurances that each Business Associate is complying with the HIPAA Security Rule).
  5. Staff attestation (every staff member has attested to each privacy and security policy, has taken a HIPAA 101 training course, and has successfully attested that they understand the basics of HIPAA).

How to Avoid HIPAA Fines?

The best way to avoid being fined by an auditor is to show due diligence. What is that? It is making a good faith effort in complying with the rules, documenting all findings, and being able to show anyone your compliance plan and efforts.

Detailed HIPAA fines or penalties can be found at the American Medical Association.

The 6 Steps:

  1. You must have a risk analysis that audits you for administrative risk (policies and procedures), technical risk (how you are safeguarding access to, and protection of, the ePHI that resides on your systems), and physical risk (assessing how you are protecting the data within the four walls of your site or sites).
  2. You must remediate (fix) all deficiencies that were found during the risk analysis and document what you did to resolve the deficiency.
  3. You must have policies and procedures covering all aspects of HIPAA Privacy and Security and HITECH (breach notification).
  4. You must educate your staff with training and track their attestation that they understand all the new policies and procedures you have put into place to safeguard protected health information.
  5. You must identify your business associates (BAs) and make sure you have up-to-date BA agreements in place. If possible, get assurances that each BA you share data with is complying with the HIPAA Security Rule.
  6. Finally, you need to create a culture of compliance in which everyone takes HIPAA and the safeguarding of ePHI to a higher level of protection.

Contact us at 404-865-1289 if your healthcare organization needs a risk assessment or compliance support. Some information courtesy of The Compliancy Group.