
Aug 06 2017 Who Is and Who Is Not HIPAA Compliant?


Most people assume every organization has to comply with HIPAA legislation, but in fact it only applies to certain types of organizations within the healthcare sector. This means some of your associates may not be HIPAA compliant. You must ensure not only that you know who is and who isn’t HIPAA compliant, but also check that your employees know who has to comply.

What is HIPAA Compliance and Why Does it Matter?

The confidentiality regulations in the Health Insurance Portability and Accountability Act (HIPAA) are designed to keep identifying healthcare data private. If you run an organization or contact center in the healthcare industry, you must ensure that you keep your customers’ information confidential, which includes sharing it only with other providers who comply with HIPAA.

Who Is HIPAA Compliant?

Entities covered by HIPAA include medical providers, such as doctors and dentists. Health plan providers are also covered, as are healthcare clearinghouses, which handle billing on behalf of healthcare providers.

Who Is Not HIPAA Compliant?

Some organizations that you might expect to be HIPAA compliant are not actually covered by the act. These include life insurance and workers’ compensation providers, schools and employers. Many of these organizations voluntarily follow HIPAA, but they don’t have to.

How to Ensure HIPAA Compliance in Your Organization?

If you handle data covered by HIPAA, you need to be very careful about sharing it with other organizations, particularly ones that aren’t required to comply. You are required to remove identifying data and other protected information before sharing data with non-compliant entities.

Train your staff to understand which organizations follow HIPAA. They should know how to edit data before they share it with those that don’t comply. For example, they may be able to pass high-level data to a non-compliant organization, such as telling a life insurance provider a person passes particular screening tests, without sharing specific details.

One should note that some businesses in the healthcare industry are hybrid organizations. For example, parts of a hospital that treat patients may be required to follow HIPAA, while the research department is not. Hybrid organizations can cause some confusion, so be sure to educate your employees about this situation.

It’s important to have strong policies for reporting compliance problems within your organization and with your associates. Encourage employees to speak up whenever they suspect something is wrong and create a culture where managers pass problems up the chain of command so they can be addressed quickly.

Don’t set your HIPAA compliance policies and then forget them. Employees turn over and forget information they received in training, so it’s important to repeat training regularly. By keeping your attention focused on HIPAA, you can ensure that your organization does not accidentally break any rules regarding the confidentiality of medical information.

Final Thought

Continual HIPAA compliance is a must for all healthcare organizations. If you can’t guarantee that every one of your employees understands company policies on HIPAA, you have a serious problem that must be addressed as soon as possible. It’s not enough for high-level executives to know how to comply with HIPAA; people on the ground must understand too, so they can avoid making mistakes that could lead to a violation of the law.