From e-mail to medical records to social media, medicine is squarely in the digital age. While technology has expanded the frontiers of medicine, it has also triggered a whole new web of risks and legal regulations to which your practice may be vulnerable. Protected health information (PHI) breaches are becoming commonplace and costly.
The federal government passed the HITECH Act in 2009, and in January 2013 the privacy rules under HIPAA were greatly expanded. This expansion included approximately 570 pages of new rules that involve everything from third-party marketing to patients to requirements for some healthcare vendors that your practice hires. These federal laws are enforced by the Office of Civil Rights under the Department of Health and Human Services.
Below is Medical Risk Institute’s HIPAA and HITECH Act Compliance Package, designed to keep your practice safe and compliant:
- Staff training on privacy and security issues. Upon completion, each individual receives a certificate to document successful completion of training available for twelve months.
- Independent information technology review to assess security and compliance. The report from this review will supplement the security risk analysis.
- The following policies, notices, and plans will be provided to the practice:
  - Social Media Policy
  - Mobile Device Policy
  - Security Policy
  - Photograph and Video Release
  - Business Associate Agreement for a physician
  - Business Associate Agreement for a vendor
  - Confidentiality and Use of Information
  - PHI Breach Notification Policy
  - Data Destruction Policy
  - Patient Privacy Notice
  - Communication Notices
  - Acknowledgement Forms
- Instructions on proper determination of “Business Associates” will be provided. An updated and compliant Business Associate Agreement template will also be provided.
- A remote consultation and security/privacy evaluation will be performed via Skype.
- The above remote consultation and independent IT review will form the basis of a Security Risk Analysis Report, which will be specifically written for the practice.
- HIPAA and HITECH Act alerts will be provided to the practice for a twelve-month period.
- Quarterly newsletter written to assist the practice with risk avoidance.
- A custom binder and compliance activity log to assist with HIPAA and HITECH Act organization and compliance documentation.
- Hotline for staff to have privileged communications with a licensed attorney concerning HIPAA questions.
- A sixty (60) minute practice consultation with a licensed attorney to confidentially help the physician and/or practice administrator with HIPAA and HITECH Act issues.