December 10, 2007

Thinking about HIPAA

Does anyone think about HIPAA much any more?

The Privacy and the Security Rules require periodic assessments of privacy and security practices and modification of systems and processes based on the results of the assessments.

Larger organizations have teams of people who can address these issues.  It’s more challenging for smaller organizations that need to spread complex functions across a small pool of staff.  This is especially true for the security provisions—which are quite technical—but even a periodic assessment of privacy practices can be permanently relegated to the “back burner” by busy staff.  After all, there aren’t any HIPAA police, right?

Privacy and Security assessments make good business sense.  Think of all those agreements you’ve signed agreeing to comply with HIPAA.  Could you prove that you’re doing what you’ve agreed to do if asked?

I’m also seeing HIPAA issues show up in the work that I do as an expert witness for medical malpractice and other types of legal cases.  Think about what might happen if there was an alleged breach of confidentiality and you were asked to produce evidence of your compliance with HIPAA, including periodic assessments.

If you haven’t gotten your privacy and security policies and procedures completed, don’t wait!  It’s way past the deadline.  If you haven’t done your periodic assessments, make it a New Year’s Resolution to begin early in the first quarter. 

The Mihalik Group has comprehensive sets of policies and procedures suitable for smaller organizations—one set for privacy and one for security—should you need to jump-start your efforts.  We can even do an assessment of privacy practices and a security risk analysis.