HIPAA/HITECH


With HIPAA Audits looming, medical practices are far from compliant.
A recent national survey conducted with Porter Research and The Daniel Brown Law Group produced the following statistics. The survey of more than 1,100 healthcare professionals found that medical practices and billing companies are struggling to comply with regulations under the Health Insurance Portability and Accountability Act (HIPAA).

  •  Over 66% of respondents were unaware of HIPAA Audits;
  •  Only 34% had conducted a risk analysis;
  •  Less than 35% of administrators felt confident of their HIPAA compliance;
  •  Less than 25% of practices had evaluated their Business Associate Agreements;
  •  Only 50% of medical practice staff had reported receiving HIPAA compliance training in the last year.

It is staggering, as well as alarming, that a little over twenty years after the Act was passed, so many medical practices and professionals are both unprepared for and unaware of their critical responsibilities under HIPAA regulations.
    
Understanding and complying with HIPAA regulations can be difficult for medical practices and billing companies. It is troubling to observe that so many practices are not sufficiently training their staff. If a practice is audited, one of the biggest red flags is staff who are unaware of the HIPAA compliance plan and policies and of their own role and responsibilities under it.

What your staff is unaware of can become very costly and damaging to an organization. Annual, generalized privacy and security training on its own does not suffice.

Lack of adequate staff training is one of the most commonly cited findings in recent enforcement actions, and it is consistently emphasized in the corrective action plans that the HHS Office for Civil Rights (OCR), which enforces the HIPAA Rules, attaches to its settlements.

HR Advisory Group Ltd offers the expertise and experience that Covered Entities need to meet and maintain regulatory compliance requirements. Whether establishing a new Compliance Program, evaluating the effectiveness of a current program, or assisting in the monitoring or maintenance of an existing program, our consultants and partners work in close collaboration with the members of your organization to make the most of your strategies, resources and benefits.

We offer a step-by-step program that walks you through the entire HIPAA compliance process, along with all the forms, agreements, policies and procedures, documents and best practices needed to implement HIPAA compliance strategies successfully within your organization.

HIPAA requires a structured and systematic, yet customized, strategy and approach. Every aspect and component of our programs is custom designed for your organization, and our team and partners work collaboratively with your team members. Although we offer HIPAA compliance services nationally, we never offer "cookie cutter" or "one size fits all" solutions. Our customized HIPAA compliance program is tailored to your organization's unique needs, whether you are a single physician or smaller practice or a larger health system or hospital, and may include any or all of the following:
 
  • Formal HIPAA Privacy Risk Assessment, Formal HIPAA Security Risk Assessment, Breach Risk Assessment, Gap Analysis, and Management;
  • Vulnerability Remediation Plans;
  • Administration of HIPAA privacy and security audits for Covered Entities and Business Associates;
  • HIPAA Effectiveness Assessments;
  • Business Associate Management;
  • Customized HIPAA Training, Program and Policy Development;
  • HIPAA Data Breach Guidelines, Incident Response, Risk Management; Policies and Procedures; Investigative Protocols;
  • HIPAA Documentation Programs and Checklists; HIPAA Privacy, HIPAA Security and Attestation for CE's and BA's;
  • Attorney-drafted and executed Business Associate Agreements;
  • Employee Non-Disclosure (NDA) and Confidentiality Agreements;
  • Corporate Integrity Agreements and Oversight;
  • Code of Conduct; Ethics Program and Training; Conflicts of Interest;
  • HIPAA Privacy and Security Consulting and Breach Investigations;
  • Annual Reviews and Updates to existing policies, programs and notices;
  • Outsourced and Interim HIPAA Privacy and Security Officer Services; Support Services to existing Compliance and Privacy Officers;
  • Compliance Hotline Service;
  • Development and selection of HIPAA Compliance Committees and Board Members;
  • Ongoing research and monitoring of applicable federal and state regulations;
  • Ongoing risk management best practices and compliance trends;
  • Proper hiring, screening, and onboarding processes and procedures;
  • Grievance Procedure, Protocol, and Implementation;
  • Performance Management Design, Process, and Implementation;
  • Disciplinary Action Process, Protocol, and Implementation;
  • A final phase of communication and education for management and staff to incorporate the new HIPAA program into the organization's culture.

Are you prepared for a breach? Do you have the privacy, security and administrative policies, protocols, training procedures, legal agreements, human resource practices, updated notices and documentation processes in place to comply with HIPAA regulations and to properly and adequately manage a breach under them? In 2016, all of the approximately $24,000,000 in HIPAA fines and settlements cited a failure either to have or to enforce policies and procedures. Enforcement actions in 2017 have likewise highlighted the critical importance of clear and comprehensive policies and procedures, of an adequate risk analysis process and remediation strategy, and of employees who have been rigorously trained on them.

Maintaining the privacy and security of patient health data is a complex undertaking that involves every employee and business associate of a healthcare organization, every aspect of its IT systems and personnel processes, and every vendor, partner and insurer that works with the organization.


For a copy of our HIPAA Brochure, HIPAA Checklists,
more information about our HIPAA services, or to schedule
a consultation, risk analysis, or training please call
(214) 538-9798 or fill out our secure contact form
with your request.

Your information is always kept confidential and secure.

Privacy regulations under HIPAA (the Health Insurance Portability and Accountability Act of 1996) and the HITECH Act updates to HIPAA impose strict obligations on health care providers, health insurance plans, healthcare clearinghouses and their Business Associates, as well as on employers who sponsor group health plans for their employees, to protect the privacy and security of protected health information (PHI). They provide civil, monetary and potentially even criminal penalties for those who violate the law.

Covered Entities must develop compliance programs to minimize the chances of inappropriate access to and disclosure of protected health information.

The Security Rule mandates a comprehensive, organization-wide HIPAA Security Risk Assessment (risk analysis) that must be kept current (in practice, reviewed at least annually), as well as staff training, Business Associate Agreements and other complex requirements.

Since its inception in 1996, HIPAA laws and regulations have become far more complex with the addition of the HIPAA Security Rule, the HIPAA Enforcement Rule, the Breach Notification Rule, the HITECH Act and, most recently, the final regulation (the 2013 Omnibus Rule) implementing the HITECH Act's HIPAA modifications.

Many states have their own healthcare laws and regulations, some of which are more stringent than HIPAA. 2017 demonstrated that State Attorneys General are increasingly exercising their right to pursue financial penalties for breaches under applicable state healthcare and privacy laws, as evidenced by settlements in California, New Jersey, Vermont, Massachusetts and New York, with more expected to follow.

Now is the time for organizations to evaluate their compliance program and make certain they are in step with all of the federal requirements, as well as the requirements of their particular state.

The complexities of patient privacy have also increased tremendously with electronic medical records (EMR), the growing use of mobile devices, social media and complex cybersecurity issues. With increased regulation, and with increasingly sophisticated and criminal cybersecurity breaches, it is critical to incorporate HIPAA requirements properly into daily operations, not only to ensure regulatory compliance and avoid fines and penalties, but also to give each patient a high level of comfort and security in knowing that their most private and confidential information is vigilantly protected and guarded by a responsible, respectful, compliant and ethical healthcare provider.

Studies have demonstrated that a large percentage of patients will seek new healthcare providers if theirs falls victim to a breach.

HIPAA rules have brought needed awareness of patient privacy, but at the same time much of the law is hazy, with areas that often need legal interpretation.

Many people overthink HIPAA and take it to extremes. When the law is unclear and healthcare professionals are concerned with self-protection, staff members can go to unreasonable and even unwise extremes when interpreting the rules.
 
Interpretation errors, even when they err on the side of caution, are not necessarily good for patients and can actually infringe upon their rights. Incorrect interpretations of the law can work against the very people it was designed to protect. At times, withholding information protects no one and may itself be a violation of the patient's rights.

HR Advisory Group Ltd's executive leadership team draws upon its extensive background in healthcare, law, auditing, regulatory compliance, risk management, technology and human resources, with the vision of helping Covered Entities of all sizes achieve simple and cost-effective HIPAA compliance.

HR Advisory Group Ltd's HIPAA experts have an in-depth understanding of the complex federal and state laws regulating how PHI in its various forms (verbal, written and electronic) must be secured and handled, and they have extensive experience providing comprehensive health information privacy and security solutions to covered entities and their business associates.

Far too many CE's mistakenly believe that their IT systems and processes handle all of their HIPAA compliance obligations, when in fact IT system security is only one part of a comprehensive HIPAA Privacy and Security Compliance Program.

Many health providers believe that by honoring their legal obligation to maintain client confidentiality, they will be within HIPAA regulatory guidelines. Many also believe that if their electronic health record vendor assures HIPAA compliance, they will be HIPAA compliant.

Unfortunately, these two commonly held beliefs are dangerous and potentially costly myths that could ultimately prove disastrous for covered entities. A vendor's assurance covers only the vendor's own product and its own obligations as a Business Associate; it does not transfer the covered entity's responsibility for its risk analysis, policies, workforce training and Business Associate Agreements. The reality is that HIPAA is far more complex than most healthcare professionals and entities realize, and compliance requires ongoing and vigilant effort to protect patient information, particularly given today's increasing cybersecurity risks.

Another commonly held and dangerous myth among smaller practices is that they will not be audited, and that they are not at risk or not required to meet the same compliance standards as larger entities. That is a faulty assumption, and one that could be very costly and risky for your practice as well as your patients. Smaller practices are also published on the Wall of Shame (OCR's public list of breaches affecting 500 or more individuals), and small and medium sized practices are actually more closely scrutinized than larger ones, placing them at grave risk. It takes only one complaint by a patient or an employee to trigger an investigation. Even if no violations are found, a single investigation can disrupt business operations and patient service delivery, and be extremely damaging to your practice as well as to the professional reputation you have spent years building.

HIPAA has very specific privacy requirements for managing protected health information that reach far beyond the familiar Notice of Privacy Practices, and the HIPAA security regulations also require providers to consider all electronic as well as paper aspects of their organization.

Contact us to find out how easy and affordable HIPAA compliance can be.

HR Advisory Group Ltd can assist your organization, through an effective partnership, with the professional development and implementation of a strong culture of ethics and compliance within your facility by guiding and supporting the organization's executives, board members, employees, administrative staff, compliance officers and patients.

HR Advisory Group Ltd and its founding member have been leaders in supporting and improving the quality of healthcare organizations since 1996.

Successful compliance and ethics programs are a masterful blend of both art and science, of knowledgeable, effective leadership and management, and of integrating the technical elements with the human element. We are experts at achieving just the right balance while working in collaboration with you and your organization.

Compliance and ethics begin with understanding and deep connections with both the hearts and the minds of people.

It is unrealistic for any Covered Entity to believe that any IT system, no matter how sophisticated, complex or costly, can by itself provide security within the walls of the organization.

The human element remains the weakest link and the greatest risk in HIPAA compliance. It takes only one individual and one single incident to compromise internal controls and processes. Ongoing training and education are mandatory to maintain the quality, integrity and compliance of patient health data handling.

HIPAA EFFECTIVENESS ASSESSMENTS
The Office of Inspector General's (OIG) Compliance Program Guidance recommends periodic review of an organization's Compliance Program to assess whether the seven elements of an effective program have been met.

HR Advisory Group Ltd's HIPAA compliance team can provide independent and unbiased Compliance Program Effectiveness Assessments to help Covered Entities demonstrate their commitment to HIPAA compliance while identifying areas that need attention and improvement.

Our Effectiveness Assessments involve a comprehensive review of your Compliance Program documents, agreements, policies, training and organizational practices. The assessment may include, but is not limited to, the following:

  • Assessment of current Compliance policies and procedures;
  • Assessment of current Compliance educational and training materials and programs;
  • Assessment of Compliance Committee materials and meeting minutes;
  • Assessment of compliance updates provided to the Board of Directors;
  • Interviews with leadership and individuals in high-risk departments or areas;
  • Assessment of current Incident Response and Breach protocols and systems;
  • Assessment of investigation processes and documentation;
  • Assessment of the in-house risk analysis and work plan development process;
  • Assessment of Business Associate Agreements and vendor management;
  • Assessment of the organization's Code of Conduct, Ethics Program and practices, Conflicts of Interest, and Disciplinary Program; and
  • Assessment of existing Human Resource protocols, policies, agreements and systems as they relate to HIPAA compliance.
 
Our experts deliver your organization's assessment results and recommendations in a formal, detailed and comprehensive report, together with an executive summary and a customized plan of correction.
