6 top HIPAA compliance myths and the truth
One of the biggest potential challenges when it comes to medical IT is HIPAA compliance. It’s true that HIPAA is a serious matter that you must handle with care. But don’t let concerns about HIPAA scare you away.
Here are 6 common HIPAA myths and the truth behind them.
Myth: You only have to think about it once
It would be nice if HIPAA was something you only had to deal with once. But it is not something you can put into place once and then forget about it.
In truth, HIPAA is an ongoing responsibility and companies need to continually monitor their own compliance. As with most types of issues that require attention and motivation, people may start taking shortcuts over time. Make sure your company has a well-defined and well-funded plan to address HIPAA compliance.
Myth: HIPAA violations only affect medical information
The entire purpose of HIPAA is supposed to be protecting the privacy of individual health data. But according to an article in CIO magazine, violations often reflect other security risks as well. Many companies have to outsource their IT and records management functions and not all companies are equally diligent.
A company that violates HIPAA regulations is also more likely to put other sensitive data at risk as well. Corporate security breaches, whether of HIPAA information or credit data, can result in significant fines and public relations nightmares. Read here to learn more about why you need a disaster recovery plan.
Myth: You don’t have to worry about enforcement
There’s more than one government agency in charge of enforcing HIPAA compliance. Several government agencies are obligated to ensure that companies are compliant with the law. Some of the government offices who check to make sure you’re compliant with HIPAA include the following:
- Office for Civil Rights
- Department of Justice
- State and federal attorneys general
- Federal Trade Commission
You don’t need to be terrified of the government’s involvement, but you also can’t take for granted that it will be okay at any point to take security management less seriously. If you need some outside help setting up a compliant system consider an expert IT consultant.
Myth: Only physical records and personal contacts matter
It’s true that you have to be mindful of privacy when discussing patient medical records. It’s also true that you have to protect the security of physical records. But even cloud-based storage systems need to be compliant with HIPAA regulation.
Related: HIPAA compliance in the cloud? 3 things you need to know.
Myth: Some people don’t have to worry about compliance
Everyone who comes into contact with medical records is responsible for maintaining their privacy. Some people may have the misconception that only the initial healthcare provider has to maintain the patient’s privacy. But in today’s healthcare climate, records can pass through many sets of hands.
According to Forbes, each person who has contact with patient records is responsible for keeping them private, including subcontractors, data centers, and other third parties. That also includes claims processors, data entry, utilization review, and practice managers, to name just a few.
Myth: Your data is too insignificant to matter
Some companies think that they’re too small to matter. They mistakenly think that hackers are only concerned with large companies or personal credit card information.
According to the blog Security Metrics, personal health information is much more valuable than credit card information. The former collects a couple hundred dollars for each health record, while credit card numbers only go for a dollar or two. Fortunately, there are best practices you can follow to protect your data, including updating software and improving staff training.
Being HIPAA compliant isn’t optional and it matters to every healthcare business. But with careful attention and good network security, you can protect both your patients and your business.
