HIPAA compliance management can be convoluted and at times expensive. However, think again before letting compliance slide, as non-compliance can cost you a huge packet! Phoenix Cardiac Surgery P.C., a small Arizona physician group practice, can testify to that. As a result of a three-year federal investigation that began in February 2009, this small practice faces a $100,000 penalty for HIPAA violations. The violation occurred in the form of patients' clinical and surgical appointments posted on an Internet-based calendar that was publicly accessible.
As per the OCR, the main violations in this practice were failing to adequately safeguard patient information with the necessary policies and procedures, and failing to designate a security official. Not maintaining records of the training given to employees on the policies and procedures for conforming to the HIPAA regulations was another key violation. The findings also included the failure to carry out a risk analysis and the failure to obtain business associate agreements with its Internet-based e-mail and calendar service vendors.
While HIPAA compliance requires a health care provider to comply with the requirements of the Privacy and Security Rules, non-compliance can bring a huge legal penalty and, at times, substantial remediation costs. Leon Rodriguez, the director of the Office for Civil Rights (OCR), stresses that OCR expects committed HIPAA compliance "no matter what the size of a covered entity is." This makes it all the more necessary for healthcare providers to be aware of their security policies, procedures and infrastructure.
It is time to implement adequate administrative and physical safeguards and avoid violations like the ones committed by Phoenix Cardiac Surgery P.C. You must adopt a completely automated and integrated solution that can meet the expectations of OCR optimally and help you comply with the HIPAA compliance program. Among other measures, it is imperative to have a corrective action plan to conduct the necessary risk assessments and execute appropriate policies and procedures.
eGestalt's SecureGRC is an ideal solution with end-to-end automation for all your security, compliance, assessment, audit, and risk management needs. Knowing that you need to maintain compliance with HIPAA on a continuous basis, SecureGRC has built-in support for HIPAA/HITECH that can ensure you are compliant at all times.