HIPAA Audits Grow Teeth: Why Dental Organizations Can No Longer Ignore Them
2016 is going to be a monumental year for HIPAA compliance. The Phase 2 HIPAA audits will be starting, and increased HIPAA enforcement is a guarantee. So far in 2016, we have seen multiple fines, and HIPAA compliance enforcement has set the stage for the remainder of the year. For many years, HIPAA compliance has been pushed off and ignored; however, if the first 3 months of 2016 are any indication, now is the time to ensure your dental practice has established proper policies, procedures, and practices for HIPAA compliance. Don’t get tangled up in a HIPAA audit with no confidence in your dental practice’s compliance with HIPAA!
It is easy to think that your practice is too small to get selected for a HIPAA audit or that audits will focus on large, integrated healthcare systems; however, the findings from the pilot audits indicate that dental practices are just as desirable for a HIPAA audit as any other type of organization.
Some key findings from the HIPAA Pilot Audits include:
- Smaller organizations tended to struggle with HIPAA compliance more than larger organizations
- The most common finding was that the entity was “unaware of the requirement”
- Of the total health care providers audited, NONE of them was 100% HIPAA compliant
- Incomplete implementation of the regulations was cited as a top finding from the audits
We are at a stage with HIPAA compliance where “I didn’t know” or “I was unaware” is no longer going to be an acceptable reason for non-compliance. In the past year, numerous data breaches were reported to the Department of Health and Human Services. In some of the dental data breaches reported, more than 500 individuals were impacted!
- 2,000 individuals impacted when an unencrypted portable device was stolen from a dental provider
- 3,200 individuals impacted after an unencrypted server was stolen during a burglary of a dental office
- 7,400 individuals impacted when dental records held in offsite storage were released by the storage company to unauthorized individuals
With proper oversight of HIPAA and appropriate physical, technical, and administrative safeguards, these data breaches could have been avoided.
Another common finding is a false sense of security: the belief that the vendor of your practice management system or electronic health record has all aspects of HIPAA compliance covered. Even when a third party manages a system, not all aspects of HIPAA compliance are met. Additionally, you may find that some functionality of your systems does not actually meet HIPAA requirements. For example, your systems should be able to automatically log out after a specified time of inactivity. Your vendor may be the group responsible for creating the functionality, but you are responsible for its implementation in your dental organization. If your software system doesn’t have the functionality to automatically log out after inactivity, you may be out of compliance with HIPAA. Don’t assume that compliance is met; verify it!
Don’t wait until a HIPAA audit comes to your dental practice to find out that you are out of compliance. Immediate action is needed if you are not confident in your HIPAA compliance. HIPAA takes more than just putting a HIPAA manual on the shelf in your dental practice. Make sure your organization takes the steps NOW to prevent a bad outcome from a HIPAA audit or an appearance on the HIPAA Wall of Shame.