22 May 2018
When the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, the world of healthcare was considerably different. Electronic health records were in their infancy, data interoperability simply meant sharing photocopies of clinical information via fax or mail, and the concept of a cybersecurity threat was nearly non-existent in healthcare.
Although your organization likely has policies that govern HIPAA requirements and compliance procedures, how long has it been since you took a close look at them? Given all the changes in healthcare and the lightning-fast pace at which they are evolving, it may be wise to delve deeper into HIPAA and give your compliance program a refresh.
To get a full appreciation of where HIPAA compliance applies, it’s important to first document all the information sharing that occurs within your organization’s walls as well as with outside vendors, other healthcare organizations and any business associates. Note how these exchanges are happening—via email, on paper, text message and so on—and see how they may have evolved since the last time your HIPAA policies were reviewed. It may be helpful to create a table or matrix to track the various communication avenues and whether they are secure. Get as detailed as possible, as this will ensure you identify any gaps and risk points.
This group should include diverse stakeholders from the organization, such as clinical, administrative and technical representatives. The team should collaborate on how to address any HIPAA compliance shortfalls and consider administrative, physical and technical controls, like revised policies, updated procedures, and encryption or other security-preserving technology. By involving a HIPAA expert like Stericycle, additional guidance and information about HIPAA applicability, compliance risks and mitigation strategies can be provided to further support compliance efforts.
As healthcare becomes more transient and organizations start to pursue value-based models that depend on robust exchange of patient information, it is essential to be clear about what HIPAA requires. There are common misunderstandings around the legislation, and you need to be certain you are following the rules without unnecessarily tying your hands regarding information exchange.
Discover how Stericycle can help you better navigate HIPAA compliance.