That question is one I hear a lot recently. What’s all the fuss about? Why do I need to pay attention to all of these new “rules?” Isn’t it just a way for someone to make money?
With the passing of the HITECH Act, the HIPAA rules and regulations have undergone some big changes. Things that previously could be overlooked can no longer be ignored. Business associates are now required to implement the things in the security rule and much of the privacy rule. Even something as simple as not having written policies and procedures will mean you are not compliant.
“It won’t happen to me.” So many people seem to be thinking that, while they understand there are new rules, it really doesn’t apply to them because their business is so small it just won’t matter. And so, like the ostrich with their head in the sand, we move along thinking that as long as we don’t address it, no one will see we’re out there.
While it may seem daunting, being compliant really isn’t that tough. There are a lot of simple things you can do to assure that you have taken the necessary steps. And having that written documentation that shows you’re making a good faith effort will go a long way if you do happen to be one who gets audited. There are now required random audits and nothing in those rules says just go after big organizations. Protection of patient privacy applies to everyone, no matter how big or small you are.
We are already seeing the changes of the new laws. HHS has already posted the first group of breaches on their website. And by the way, it’s not just healthcare organizations. Where it applies, each business associate involved is also listed. That sure isn’t a way to get good publicity for your business.
What about you? What’s stopping you from taking the steps toward compliance?
Kathy Nicholls has been involved in the medical transcription industry for over 30 years and is currently the president of the HIPAA4MT Site [http://hipaa4mt.com], which offers guidance for medical transcriptionists and medical transcription companies on compliance with HIPAA and the HITECH Act. She also operates the MT Tools Online [http://mttoolsonline.com] website, which provides continuing education for healthcare documentation professionals. Nicholls is also the published author of the “Stedman’s Guide to the HIPAA Privacy Rule,” and is working on the second edition of that book. She is a certified medical transcriptionist and a Fellow of the Association for Healthcare Documentation Integrity.