• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
    • Dynamic Chiropractic
      • Newspaper
      • Subscription
    • The American Chiropractor
      • Magazine
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Sponsored Content
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
    • Coronavirus (COVID-19)
  • Resource Centers
  • Products & Services
    • Buyers Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students

Hungry, hungry HIPAA: A moment’s inattention could cause a compliance catastrophe

Kathy Mills Chang, MCS-P October 14, 2016

HIPAA

It’s easy these days to get so caught up in the transition to ICD-10 coding that you let other policies and procedures fall by the wayside, but nothing good can come from dropping your guard on HIPAA.

The possible violations are many, and the consequences for you and your patients are potentially severe.

A single employee with an Instagram account could inadvertently violate patient privacy just by taking a photo with a patient or a computer screen in the background. But most practices and their staff are generally aware of this kind of mistake.

Of much greater concern is a significant data breach from hackers or thieves. One study showed a 50- percent uptick in healthcare-related data breaches in 2014 alone. This is because healthcare records are good business for criminals.

Credit card companies have been on the ball about reporting unusual charges, but insurers don’t monitor patient claims with theft in mind. So a Medicare or insurance ID number is quite valuable on the black market, and could become the basis for significant identity theft.

Since 2009, there have been nearly 1,200 data breaches affecting over 133 million patient records. The smallest reported breach was of 441 records at a hospice in Idaho. The largest is one you’re probably well aware of: the whop- ping 80 million patient and employee records involved in a breach at health insurer Anthem in January 2015.

The HIPAA language on this is specific, requiring that you “secure all electronic protected health information against accidental or intentional causes of: unauthorized access, theft, loss or destruction, from either internal or external sources.” This means securing not only your laptops and computers but also memory sticks and cards, smartphones, and even fax machines and copiers—especially those that double as scanners and printers (and therefore store data).

Theft is the most common cause of data breach, with laptops being the single biggest target, followed closely by paper records. Think you’re in the clear because you use electronic health record (EHR) software?

Nope. EHR systems aren’t typically the problem; rather, it’s the user’s behavior when pulling reports and data from the system. Similarly, moving data to the cloud simply transfers the problem there if you don’t clean up procedures, use secure and updated passwords, and pay attention to security procedures like logging out.

In other words, the biggest threat to the safety of your patients’ records is likely someone on your own team.

Although patients can’t sue you for a HIPAA violation, they can bring a negligence lawsuit with the violation as its basis. The amount of money at stake can be astounding. In addition to HIPAA fines, it’s not unusual for large companies that have been breached to face multibillion-dollar class action lawsuits.

What’s a busy office to do? It’s essential to earn patient confidence and keep your practice safe. Start by taking a close look at all team members who access patient records.

Follow up with training and pop quizzes to make sure your team understands privacy procedures, especially how to use secure passwords and why it’s important to log out every single time a team member steps away from a laptop or computer.

Document this training and keep it on hand in case of a HIPAA audit.

HIPAA may be far-reaching and hungry, but you can make sure you’re not the one feeding it.

 

Kathy_Mills_Chang-Headshot[1]Kathy Mills Chang is a Certified Medical Compliance Specialist (MCS-P) and Certified Chiropractic Professional Coder (CCPC), and since 1983 has been providing chiropractors with reimbursement and compliance training, advice, and tools to improve the financial performance of their practices. She leads a team of 16 at KMC University and is known as one of the profession’s foremost experts on Medicare. She or any of her team members can be reached at 855-832-6562, at kmcuniversity.com, or by emailing info@kmcuniversity.com.

 

Filed Under: 2015, issue-13-2015

Current Issue

CE issue 2 cover

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

Compare Subscriptions

Dynamic Chiropractic

The American Chiropractor

3948 3rd Street South #279,

Jacksonville Beach, FL 32250

Phone 904.285.6020

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • Chiropractor roles expand if Oregon bill passes
  • American Chiropractic Association Presents 2023 Annual Awards
    American Chiropractic Association logo
  • The Joint Chiropractic Earns Major Accolades for Franchising Excellence