What will it take for you to become HIPAA Compliant?
It’s time to get serious about HIPAA Compliance. HIPAA has been around since 1996, so there’s a good chance you’ve been out of compliance for a couple of decades.
DO YOU WANT TO AVOID BEING FINED UP TO $1.5 MILLION PER YEAR?
As a healthcare provider, you MUST comply with HIPAA, HITECH, Breach Notification, and Meaningful Use.
But I shouldn’t have to tell you this. As a healthcare professional, you care about people. You want to protect their privacy. You would never willingly break doctor-patient confidentiality. But unless you’re actively taking steps to prevent illegal or unauthorized access to patient files, the next high-profile data breach on the 10 o’clock news could be yours.
The regulations and requirements for HIPAA compliance differ based on what kind of patient data you handle. In this guide, we’ll provide general guidelines about HIPAA, HITECH, and Meaningful Use legislation. At the end, links to specific guidelines for solo doctors, multiple doctors, business associates, and hospitals are available.
A Government Incentive Program That Will Pay You Up To $63,750 To Become Compliant: Meaningful Use
Before we dive too deeply into HIPAA, it’s important to understand why it matters for your practice, beyond the ethical reason that it’s your responsibility to protect patients’ health records.
Meaningful Use Stage 1 rolled out in 2012. It set objectives for health care professionals in the areas of data capture and sharing. It included provisions like implementing drug-drug and drug-allergy interaction checks, maintaining an active medication and medication allergy list, providing clinical summaries for patients for each office visit, and protecting electronic health information.
For doctors not in compliance with HIPAA, it is this last objective that matters the most. When HIPAA was passed in 1996, most doctors did not even use electronic health information, so there was nothing to protect. They were in de facto compliance. Over the years, as EHR became more and more prevalent in the medical field, many doctors and facilities did begin to comply with HIPAA.
It wasn’t until Meaningful Use Stage 1, however, that complying with the regulation offered a real incentive – in fact, eligible professionals who did comply with the regulations in MU Stage 1 could receive up to $44,000 through the Medicare EHR Incentive Program or $63,750 through the Medicaid EHR Incentive Program.
In 2014, Meaningful Use Stage 2 rolled out with an objective to advance clinical processes. MU Stage 2 heavily encouraged the use of EHR by requiring e-Prescribing (eRx), the ability for patients to download and transmit health information, and secure electronic messaging.
Meaningful Use Stage 2 established a second incentive program which would pay up to $43,700 for eligible professionals who fully complied. By now, electronic records were not just a topic of discussion, they were the norm.
In 2016-2017, Stage 3 of Meaningful Use rolls out with the objective of improving treatment outcomes. The substantial increase in adoption rates of EHR during Stages 1 and 2 led to a critical mass of users and data in electronic form. And with that rollout will come new incentives, and they will still require HIPAA compliance, just as they have since 2012.