Business Law Breakdown: Helpful HIPAA Hints

My firm and I do a lot of work for a variety of healthcare organizations. These organizations include hospitals, physician groups, and individual physicians. Every single healthcare professional I’ve ever worked with understands the importance of making sure the patient’s protected health information is kept safe and secure and is not disclosed accidentally to some unauthorized third person. It’s critically important from both the organization’s standpoint and from the viewpoint of the members of the executive team that you do everything you can to make sure that you are fully HIPAA-compliant.

Dealing with a HIPAA Violation

Unfortunately, many times and in many situations, the first phone call I get from a client about a HIPAA problem is after that HIPAA problem has already come up. There are a number of things that my partners and I can do at that point that can help minimize the impact of that HIPAA violation. We can help you do a risk analysis that may eliminate the need for an expensive and embarrassing notification process, we can help you draft a mitigation plan that may reduce the impact of that HIPAA violation on your operation, and we can certainly negotiate and defend against any compliance action that the state of Texas or the Federal government is threatening to bring against you or your organization.

Preventing a HIPAA Violation

But there are a lot of things that you and your organization can do to prevent a HIPAA violation from ever occurring in the first place.

• Security: Have your IT professionals on a regular basis do analysis and evaluation of the security, risks, and capabilities of every part of your system—all your laptops, all your desktops, all your computers, and of all your software.
• Policies and procedures: Make sure that you have in place a comprehensive set of policies and procedures that details how your organization protects against, handles, and mitigates a connection with any HIPAA violations. One of the most effective tools that you have available to you if the state of Texas or the federal government comes calling is an effective and comprehensive set of policies and procedures that have been in place and have been implemented.
• Employee training. Train your employees when you first hire them in connection with their HIPAA obligations and responsibilities, and in connection with the policies and protocols that you have in place that deal with HIPAA. Then, on a regular basis after their initial hire, conduct retraining.

So, security evaluations, drafting policies and procedures, employee training, risk analysis, and mitigation plans—these are all important steps that you can and should take to minimize the chance that you will be subject to potentially devastating HIPAA violation sanctions in the future, and these are all steps we can help you with.

For more information on this topic, contact us today.