HIPAA Compliance: Get a second opinion

Is Your Medical Practice HIPAA Compliant? Better Get a Second Opinion.


Small medical practices and the realities of HIPAA Security compliance.

Raj Goel, CISSP, CTO, Brainlink International, Inc.
917-685-7731



The HIPAA (Health Insurance Portability and Accountability Act) regulations consist of three different sections, each with a different compliance date:

Section                       Compliance Date
Privacy                       April 14, 2003
Transactions and Code Sets    October 16, 2004
Security                      April 21, 2005

Most physicians, small practices and small hospitals started their HIPAA compliance efforts sometime between 2001 and 2003. Quite a few organizations stopped there as well.

Phased HIPAA compliance (Privacy in '03, Transactions in '04, Security in '05) led to HIPAA overload. Many practitioners are confused about HIPAA compliance and mistakenly assume that HIPAA Privacy compliance is the same as HIPAA Security compliance.

The HIPAA Security Requirements Checklist

  1. Administrative Procedures
    1. Certification
    2. Formal Mechanism for Processing Records
    3. Contingency Plans
    4. Chain of Trust
    5. Information Access Control
    6. Internal Audit
    7. Personnel Security
    8. Security Configuration Management
    9. Security Incident Procedures
    10. Security Management Process
    11. Termination Procedures
    12. Training
  2. Physical Safeguards
    1. Assigned Security Responsibility
    2. Media Controls
    3. Physical Access Controls
    4. Policy and Guidelines on Workstation Use
    5. Secure Workstation Location
    6. Security Awareness Training
    7. Communications Controls and Audits
  3. Education & Training
  4. Documentation of HIPAA Security Compliance

HIPAA Penalties

Failure to comply with the HIPAA standards, or to rectify a security issue, can result in the following penalties:

  1. $100 to $25,000 per person for a single standard in a year, per violation
  2. Knowingly misusing PHI: up to $50,000 and/or 1 year in prison
  3. Misuse under false pretenses: up to $100,000 and/or 5 years in prison
  4. Misuse with intent to sell or use for commercial gain: $250,000 and/or up to 10 years in prison
  5. Negative publicity

Did you know that
  • HIPAA lawsuits have already been filed against hospitals, nursing homes, small practices and solo practitioners?
  • If your practice accepts credit cards, you need to meet CISP requirements as well? 

Ask yourself, as a business owner:

  • Do you have the people and skills required to meet these requirements?
  • Can you afford to pay the HIPAA penalties?
  • Who is accountable within your organization for civil penalties incurred?

You should focus on running your business and let Brainlink address your HIPAA compliance.



Last Updated (Thursday, 06 April 2006)