HIPAA Compliance for a Small Medical Practice in Denver has long been an issue that providers have struggled with. The Health Insurance Portability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009 have certainly changed the landscape for small medical offices including Doctors, Chiropractors, Physical and Occupational Therapists, and Mental Health providers such as Therapists, Counselors, Psychiatrists, and Psychologists.
We have run into many smaller medical offices in Denver that are not running their offices in a manner that would be certified as HIPAA compliant if they were audited. We know in these instances it is not because they don’t want to be HIPAA compliant; it is more a matter of not being sure what needs to be done, or the process of looking at it is just overwhelming. Conversely, imagine how devastating it could be to one’s practice to be hit with thousands and thousands of dollars in fines for HIPAA non-compliance.
HIPAA Compliance for small medical practices in Denver can be achieved through looking at your processes and starting to make some simple changes. Start implementing changes and you too will achieve HIPAA compliance for your small medical practice in Denver.
7 Deadly Sins that We Find in Small Medical Practices that Are Not HIPAA Compliant.
1. Using a Free Email Service Such as Gmail or Yahoo. If you are, we can safely say with 100% accuracy that you are not HIPAA compliant. You should switch your small medical practice to a paid service such as Microsoft 365 hosted exchange to get yourself out of potential hot water on this one.
2. Having a Server in an Unlocked Area. As we tour small medical practices in Denver, we run into servers that are in closets or cabinets that are not secured or locked. This is a big no-no. If you were to be audited, this would be a red flag. You need to have your server in a locked area (room, cabinet or cage) to be in compliance.
3. Not Encrypting Sensitive Data. You need to be encrypting the files and folders on your network with sensitive information. We are shocked by how often we run into sensitive data on the network that can be accessed by anyone and is not encrypted. Do yourself a favor and jump on rectifying this sin right away. It is extremely important in the world of HIPAA compliance to encrypt data. There are wonderful tools on the market today that let the small medical practice easily and affordably encrypt data. An Enigma is a great, inexpensive way to be in compliance on this one.
4. Using an Outsourced Bookkeeper Who Accesses Data Remotely. We have run into many instances where bookkeepers are using an insecure means of remotely accessing medical clients' networks. Many small medical offices in Denver are trusting the means that their bookkeeper is utilizing for accessing their systems. Accessing the data securely can be done cost effectively and in a way in which you can ensure HIPAA compliance. As a small medical practice you need to be informed and dictate the programs used and ensure you don’t face fines for the negligence of others.
5. Have You Had an I.T. Security Assessment? A security assessment from a reputable and knowledgeable I.T. firm in the Denver area is worth its weight in gold. The assessment could uncover such potential landmines as no daily backups, utilizing Dropbox for file sharing, or a non-existent Disaster Recovery Plan.
6. Having Adequate Policies in Place Regarding Infrastructure. Many things can ensure HIPAA compliance for a small medical practice in Denver, such as setting up all computers to log off automatically, monitoring and documenting unauthorized access, and individually identifying all system users. There are many areas that fall under this umbrella that, if ignored, could open your practice up to HIPAA compliance violations.
7. Taking Measures to Properly Secure All Electronic Devices. All computers, laptops, phones, tablets, external hard drives, and USB thumb drives need to be properly secured physically. In addition, you should use firewalls, allow no unauthorized access on the devices, require strong passwords on all devices, and encrypt any sensitive files.
Of course, there is a lot more that goes into HIPAA Compliance for a small medical practice in Denver. A small medical practice manager certainly has their work cut out for them in maintaining patient privacy. There are a lot of great resources and tools available that when utilized will help avoid hefty fines for non-compliance.
A good start would be to bring in consultants who focus on this area and can give you sound advice regarding where your practice stands right now and the steps you need to take to protect your practice and your patients. It is imperative that medical practices in Denver make sure that their employees receive adequate and ongoing training regarding HIPAA compliance. Taking that step typically correlates to small medical practices in Denver that do not receive fines for HIPAA non-compliance.
The truth of the matter is that a large percentage of HIPAA violations come from improperly trained or dishonest employee activity. What causes this? Many times it is simple curiosity. In other cases, employees are accessing medical information to sell it. Make sure employees are aware of the ramifications of illegally accessing patient information.
Code Blue Computing is an I.T. Service and support company headquartered in Denver that specializes in small medical practices in the Denver metro area. They support specialties such as Doctors, Physical Therapists, Surgeons, Occupational Therapists, Speech Therapists, Counselors, Therapists, Psychiatrists, and Psychologists.
They help small medical practices from start to finish with networks, firewalls, data backup and recovery, viruses, server setup and maintenance, and HIPAA compliance services.
As a small medical practice manager in Denver you may feel that your office is covered and not in violation on any front. You may be right, but a fresh pair of eyes can sometimes make sense. It is better to find glaring issues on the front end as opposed to when it could cost your medical practice thousands of dollars.
Code Blue Computing offers HIPAA security assessments for small to medium-sized medical practices throughout the Metro Denver Area. You can call 720-746-9763 or send us an email at [email protected] to schedule your appointment today.