HIPAA Compliance Overview Series Part 2: Safeguard your Patients and Your Practice



Our previous post covered the basics of HIPAA compliance and featured a checklist of the factors that most influence the outcome when the government comes knocking with an audit. It is just as critical to understand what the impact on your practice will be if violations have occurred.

Let’s start with a very important question: does your business deal with protected health information (PHI)? If so, it must be HIPAA-compliant. “Covered Entities” under HIPAA are health care providers, health plans, and health care clearinghouses.

That is just the tip of the HIPAA iceberg. If you handle PHI, your Business Associates, and their subcontractors, must be compliant as well. A Business Associate Agreement (BAA) should be on file for each business associate. The agreement should:

  • Describe how the business associate is permitted to use and disclose PHI.
  • Require appropriate safeguards to protect ePHI (the Security Rule applies to business associates directly, not just by contract).
  • Require that any subcontractor handling the PHI agrees to the same restrictions.
  • Require timely reporting of security incidents and of any breach of unsecured PHI.

Prevent Patient Data Breaches and Avoid Huge HIPAA Fines and Possible Ruin

Data protection and compliance initiatives are taking their rightful place on the short list of IT priorities in the medical/healthcare industry. Your practice is at risk of large Federal fines unless you are vigilant about establishing an ongoing process that protects the private health information of your patients. Can your practice sustain million-dollar-plus fines for violations of the HIPAA Security Rule? Can it survive the public scrutiny or weather the reputational damage a security breach brings?


Just recently, a Texas cancer treatment center was ordered to pay $4.3 million in civil penalties for violating the privacy and security regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In the incidents behind the penalty, an unencrypted laptop was stolen from the home of an employee and two unencrypted USB thumb drives containing the electronic protected health information (ePHI) of some 33,500 people were lost. The lesson is not subtle: encryption is an “addressable” specification under the Security Rule, but ePHI encrypted in line with HHS guidance is not “unsecured PHI,” so a lost encrypted device does not trigger breach notification, while a lost unencrypted one does.


The Security Rule requires a documented Risk Analysis, kept current as your environment changes, that identifies threats and vulnerabilities in your computer network – and in your procedures – that could compromise the confidentiality, integrity, or availability of electronic protected health information (ePHI). The rule does not prescribe who performs the analysis, but it does require a risk management plan that addresses what the analysis finds, and the policies, procedures and assessment records must be retained for six years so that remediation can be documented in the event of an audit.


Failure to perform this risk analysis, or to act on its results, is where organizations suffer the most significant audit failures. Leon Rodriguez, former director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, was responsible for enforcing HIPAA and HITECH. Asked where organizations suffer the most audit failures, Rodriguez pointed to the “failure to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis.”

Managing your HIPAA compliance and maintaining the levels of security mandated by the federal government is a tedious, time-consuming effort, and one that requires specialized IT expertise.



What Can You Do?

Framework’s CareFree™ HIPAA Compliance Assessment is a proprietary tool that combines state-of-the-art technology automation and physical observations of your environment.  The assessment analyzes almost every aspect of your network and operations to measure and report on any potential vulnerabilities or HIPAA security risks. Once completed, we provide a comprehensive report that includes:

  • Risk Analysis
  • Management Plan
  • Evidence of Compliance.


Keep in mind that resolving some of the issues may be as simple as training employees on password hygiene, but others are often more serious and involved, such as overhauling the data backup and recovery program.


Proactive. Holistic. Transparent.

The assessment applies a Risk Score Matrix that prioritizes the work to be done based on the potential impact to your practice. We not only provide you with the full set of HIPAA documentation required under the Security Rule, but also offer the ongoing expert IT support needed to resolve any HIPAA-related IT issues we discover.


Our proprietary data collectors correlate multiple data points to uncover hard-to-detect issues, measure risk based on impact to the network, suggest recommended fixes, and track remediation progress. Additionally, our detailed Risk Scores go far beyond a single number on a scale: you also get the details behind the score, so you know which issues are generating the greatest risk.
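To make the two preceding paragraphs concrete, here is an added example of the kind of likelihood-by-impact risk matrix that underlies most HIPAA risk-analysis prioritization. It is illustrative code written for this post, not Framework's proprietary CareFree™ scoring, and the five findings it scores are constructed sample data; the 5×5 bands follow the generic NIST SP 800-30 style matrix rather than any vendor's scale.

```python
"""
Likelihood x impact risk matrix for prioritising risk-analysis findings.

Added illustration, not Framework's proprietary CareFree tool. The 5x5
bands follow a generic NIST SP 800-30 style matrix; the findings below
are constructed sample data, not real assessment output.
"""
from dataclasses import dataclass, field


@dataclass
class Finding:
    ident: str
    title: str
    likelihood: int  # 1 (very low) .. 5 (very high)
    impact: int      # 1 .. 5, driven mainly by how much ePHI is exposed
    # factor -> observed value: the "details behind the score"
    rationale: dict = field(default_factory=dict)


def validate(level: int) -> int:
    """Reject scores outside the 1..5 scale instead of silently clamping."""
    if not 1 <= level <= 5:
        raise ValueError(f"risk level must be 1..5, got {level}")
    return level


def score(f: Finding) -> int:
    """Raw risk score: likelihood x impact, range 1..25."""
    return validate(f.likelihood) * validate(f.impact)


def rating(s: int) -> str:
    """Map a raw score onto the bands of a 5x5 matrix."""
    if s >= 20:
        return "critical"
    if s >= 12:
        return "high"
    if s >= 6:
        return "medium"
    return "low"


def prioritize(findings):
    """Highest risk first; ties broken by impact, then id, so order is stable."""
    return sorted(findings, key=lambda f: (-score(f), -f.impact, f.ident))


def explain(f: Finding) -> str:
    """One finding with its band, the arithmetic, and the factors behind it."""
    s = score(f)
    lines = [f"{f.ident} {f.title}: {rating(s).upper()} "
             f"({s} = likelihood {f.likelihood} x impact {f.impact})"]
    lines += [f"  - {factor}: {observed}" for factor, observed in f.rationale.items()]
    return "\n".join(lines)


def summary(findings) -> dict:
    """Count of findings per band, e.g. {'critical': 1, 'high': 2, ...}."""
    counts = {}
    for f in findings:
        band = rating(score(f))
        counts[band] = counts.get(band, 0) + 1
    return counts


# Constructed sample findings, deliberately not in priority order.
SAMPLE_FINDINGS = [
    Finding("F-04", "Shared front-desk login", 4, 2,
            {"accounts affected": "1 shared account, 5 users",
             "ePHI reachable": "scheduling only", "audit trail": "cannot attribute actions"}),
    Finding("F-01", "Laptops with ePHI lack full-disk encryption", 4, 5,
            {"devices affected": "6 of 14 laptops", "ePHI on device": "exported patient reports",
             "compensating control": "none"}),
    Finding("F-05", "Visitor sign-in log not maintained", 2, 1,
            {"area": "reception", "ePHI reachable": "none without escort"}),
    Finding("F-02", "Backup restore never tested", 3, 5,
            {"last successful restore test": "never", "data covered": "full EHR database"}),
    Finding("F-03", "No BAA on file for billing vendor", 3, 4,
            {"PHI shared": "claims data, monthly", "agreement status": "not located"}),
]


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(explain(f))
    print(summary(SAMPLE_FINDINGS))
```

Run as a script, it prints the findings from the unencrypted laptops (20, critical) down to the visitor log (2, low), each with the observed factors that produced its score. Whatever scale a real tool uses, the properties worth insisting on are the ones shown here: the inputs are bounded and validated, the ordering is deterministic, and every score can be explained back to specific observations rather than presented as a bare number.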


Helping you achieve your mission is our mission, and the CareFree™ HIPAA Compliance Risk Assessment improves client satisfaction through proactive and transparent processes, state-of-the-art technology, and powerful reporting that accurately documents the overall health of your network and environment in real time. The best part? This assessment is complimentary! Why gamble when so much is on the line? Give us a call at 312-265-8733 or stop by our website to get the ball rolling on what it takes to get your practice compliant for good!


Want to know more? Click on our Prezi for a more in-depth view of our CareFree™ Managed IT Services and how we support every aspect of HIPAA compliance, so you can keep doing what you do best!

