Who Needs to Be HIPAA Compliant?
The Health Insurance Portability and Accountability Act (HIPAA) enacted in 1996, established industry standards for organizations working in healthcare. Since then, there has been some misunderstanding around who needs to be HIPAA compliant.
So do you need to be HIPAA compliant? The simple answer is, if you work in healthcare in any capacity, you need to be HIPAA compliant. The misconception that only covered entities (CEs) need to be HIPAA compliant has led to many organizations being audited and fined. If you are handling protected health information (PHI) you need to be HIPAA compliant. It is important for business associates (BAs) to be aware that they are required to be HIPAA compliant.
A large portion of HIPAA law relates to how PHI is handled. As such, the Department of Health and Human Services (HHS) requires business associate agreements (BAAs). BAAs must be executed before the transmission of any PHI can occur. The purpose of a BAA is not only to safeguard PHI, but to protect CEs and BAs in the event of a breach. If there is no BAA in place, both parties are liable.
The importance of protecting PHI is at the forefront of lawmakers minds, with states introducing their own laws to further protect information. The California Consumer Protection Act (CCPA) and the Oregon Consumer Information Protection Act (OCIPA) require stricter breach notification standards for reporting to affected individuals. The EU General Data Protection Regulation (GDPR) introduced in May 2018, protects not just health information, but any personal data that can directly or indirectly identify an individual.
Do you need to be HIPAA Compliant?
The Guard™
At Compliancy Group, our goal is to simplify compliance so that you can confidently focus on your business. Our proprietary methodology Achieve, Illustrate, Maintain™, covers all aspects of HIPAA law. Our cloud-based solution, the Guard gathers everything you need to demonstrate your “good faith effort” towards HIPAA compliance, so that in the event of an audit you have the peace of mind to know that we have you covered.
Once you have completed our implementation process, you are eligible to receive our Seal of Compliance®, this is issued in three forms, a clickable seal that you can display on your website, when someone clicks, it will divert them back to our page where we will validate and verify that you have done all that is required to illustrate your compliance. You will also receive a seal that you can stick on your door and a seal to add to your email signature.
The Seal of Compliance is a great differentiator for your organization. Studies prove that there is a 17% higher conversion rate on patient acquisition when you display the seal; patients are increasingly educated, often researching doctors before making an appointment. The presence of the Seal of Compliance on your website will prove to prospective patients that you care about protecting their PHI.
