South Florida Hospital News
Saturday May 8, 2021


March 2016 - Volume 12 - Issue 9

Five Steps to HIPAA Compliance for a Doctor’s Office

Why do you, as a doctor, dentist or any other medical provider, need to comply with HIPAA? HIPAA, the Health Insurance Portability and Accountability Act, was enacted by the U.S. government to not only protect patient confidentiality and privacy but also to ensure that doctors and other medical practices protect their data to prevent unauthorized persons and criminals from getting access to patients' confidential, private and financial information.
Patient health records, called PHI (Protected Health Information), are a valuable commodity for criminals and sell for high prices on the black market. Medical professionals must therefore strictly abide by HIPAA rules in order to avoid monetary fines, damage to their reputation, loss of their license(s), and even imprisonment. Over the last few years, we have been hearing of multiple instances of doctors, nurses and healthcare workers being jailed or fined hefty sums for HIPAA violations. While the Office for Civil Rights (OCR) has concentrated on education and outreach so far, it has increased its focus in 2016 on enforcement of HIPAA compliance.
Professionals in the medical field have the moral and ethical responsibility to abide by the laws that govern them and to provide the utmost care, which includes protecting the health information of each and every patient. This requires the ability to make sound decisions minute by minute, plus a great deal of patience, professionalism, and high standards of HIPAA compliance to ensure protection of ALL health information. The following five steps are the foundation:
#1 – Exercise Privacy in Your Office Everywhere
Give patients the privacy they deserve in your office whether it’s in the lobby or their patient room.
- Minimize references to patients; it is best to call patients by first or last name only when directing them to their patient room.
- Allow for a quiet, private space when talking with patients individually so only those intended for the information are the ones who hear it.
- Never leave patient documents/files unattended or unsecured.
- Always knock before entering patient rooms.
#2 – Post Notice of Privacy Practices
- Print your Notice of Privacy Practices and place it in a common, clearly visible area of your office, so that patients are openly informed of the privacy laws and practices that keep their care confidential.
#3 – Maintain and Follow Written Policies and Procedures
- Develop a written policies and procedures manual for everyone in your practice to follow, to ensure patient privacy and security. The manual should also contain forms, notices, disclosures and step-by-step procedures for patient privacy notification and overall HIPAA compliance.
#4 – Train Your Employees on HIPAA Do’s and Don’ts
- Ensure that your employees are trained on HIPAA policies and procedures every year.
- Your employees should sign and acknowledge their awareness of these HIPAA policies and procedures.
- Document training dates and employee names as proof that all your employees have been trained.
#5 – Conduct the Mandatory Annual HIPAA Security Risk Assessment
- This mandatory HIPAA security risk assessment should be completed every year in order to identify and analyze the risks to patient information within the practice.
- If any evaluated areas require remediation or follow-up, plans of action will have to be developed with timelines to address them.
- You can either do this annual assessment internally or hire a HIPAA expert to perform the assessment.
Ultimately, medical facilities that consistently comply with the current rules and laws governing their care and practice will continue to have the best reputation and the best rapport with their patients. Enforcing the highest level of HIPAA compliance within your facility shows that you understand the importance of protecting health information and providing continuity of care across the medical spectrum, so as to achieve the best care outcomes for each and every patient in every way possible.
Rema Deo is a Managing Director at 24By7Security, Inc., which focuses on compliance and security issues for healthcare and other industries and provides services such as HIPAA security assessment, breach/incident response, HIPAA policies and procedures, and more. To learn more about the firm, please visit or reach Rema directly at