The guidelines for HIPAA and HITECH compliance are complex and carry enforcement provisions that every provider must understand and put into practice in order to remain compliant. Providers must raise their awareness of privacy protection, which means taking every precaution necessary to prepare for potential breaches before they occur.
Clients trust VCPI to help stay up-to-date with ever-changing industry policies. The industry comes complete with a long list of compliance issues, and observation of those requirements is imperative in order to protect your business and reputation.
Ten steps to help protect your reputation:
- Assign a HIPAA Compliance Officer, if you don’t have one already, who is trained and well-versed in HIPAA, compliance, and the HITECH Act.
- Incorporate the Breach Notification Standards into your existing HIPAA compliance program.
- Take an inventory of all assets on which PHI resides. Be sure to include items like USB drives, portable devices (PDAs, cell phones, etc.), and all other mobile media devices.
- Take an inventory of all roles and people who share PHI in any form: paper, email, text message, fax, or verbally. Reduce the number of roles, people, and assets requiring PHI to a bare minimum. Assign people to roles and create an electronic means of limiting access to PHI by those roles.
- Ban text messaging involving PHI.
- Make training a requirement of continued employment. Conduct training, track completion, and refresh training on a regular basis.
- Encrypt portable devices and create a monitoring and maintenance program.
- Create and enforce processes that prevent PHI from leaving your organization. If an employee is taking backup tapes offsite to his or her house, that’s a major risk. Ban the practice and contract with an encrypted, business-class service provider who is well versed in PHI.
- Update your business associate agreements and educate your business associates regularly.
- Audit assets and document compliance regularly.