08.23
2019

The Urgency of Adhering to HIPAA Compliance

Without a doubt, when you work in the healthcare industry, the one thing that should always remain on top of your priority list is patient confidentiality. Keeping personal health matters private is so important that, as you (hopefully) know, there is an extremely rigid set of rules that every business in the industry must adhere to … or face steep penalties.

Known as HIPAA, the Health Insurance Portability and Accountability Act of 1996 set the standards, and the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) enforces them, handing out hefty penalties to companies that fail to comply. It doesn't matter whether a breach is big or small, intentional or not: OCR has made it clear that patient rights come first.

In fact, last year alone, HIPAA violators paid a whopping $28,683,400 in fines and settlements. Now, you may be thinking, Well, that sure is a high number, but it's probably the result of a lot of smaller fines. You'd be wrong. More than half of that came from a single source: a $16 million settlement paid by one company over a large data breach … the largest healthcare breach in U.S. history.

While the chances of your business — particularly if it’s a smaller one — incurring a fine that hefty are probably on the slim side, it’s in your best interest to avoid any fine. Not only is it good for your bank account, but for your company’s reputation. The last thing you want is your name dominating the health industry blogosphere for all the wrong reasons.

And don't think you can fly under the radar simply because you are one of the smaller healthcare businesses out there. OCR sent a powerful message in 2016 that no violation is too small to pursue: whereas in the past it focused its investigations on breaches involving the information of more than 500 individuals, its regional offices now also investigate breaches affecting fewer than 500 people.

Here at Actsoft, we've made strides in taking our solution to the next level when it comes to features and customization. Most recently, we implemented major improvements to the level of security our software can provide. With a third-party cybersecurity firm engaged to make sure we didn't miss any steps along the way, we developed the Vault version of Encore.

With Vault, healthcare companies can rest easy knowing that their patients' information is protected by software that supports HIPAA compliance. Data is encrypted both in transit and at rest, keeping it from would-be prying eyes, so your company can focus on what really matters: addressing your customers' needs and delivering the stellar service they've come to expect. Keep in mind that HHS does not certify software as "HIPAA compliant"; compliance is a property of your organization's policies, training and safeguards, and encrypting software is one of those safeguards rather than a substitute for the rest.

Have any questions on how Actsoft can help you?

Call (888) 732-6638 or Receive a Live Webinar

08.02
2019

The Do’s and Don’ts of HIPAA Compliance

If your company has a long history of working within the medical world, then there's a good chance that you have a deep-seated understanding of the Health Insurance Portability and Accountability Act (HIPAA). The law, passed by Congress back in 1996, and the Privacy and Security Rules that HHS later issued under it, were put into place to protect patients' coverage and personal information, as well as to reduce the instances of healthcare fraud.

But if your company is still in the early stages of branching off into healthcare-related services, or you just want a refresher course, you may not be as familiar. For those in need of some brushing up, we thought we’d share a list of some of the biggest do’s and don’ts to make sure you’re staying compliant when handling such sensitive information.

DO
First and foremost, it's of the utmost importance that you know exactly what is considered protected health information (PHI): individually identifiable health information that your organization creates, receives, stores or transmits. Examples of the identifiers include names, addresses and contact information, Social Security numbers, medical record numbers, personally identifying dates (birth, death, appointments, etc.), and photographs. The Privacy Rule's de-identification standard lists 18 such identifiers, and some are easy to overlook in software, such as IP addresses, device serial numbers and URLs. If you're unsure whether something qualifies, your best bet is to err on the side of caution and treat it as though it does.

DON'T
Don't discuss a patient with anyone who isn't authorized to know about their care, and don't discuss a patient in a public setting even with someone who is. Find a private setting for the conversation so there is no chance that anyone else overhears what's being discussed.

DO
Keep your login information to yourself. Under no circumstances should you ever share this information with anyone else, even if it's a colleague that you trust, and never write it down, even as a personal reminder for yourself. The Security Rule requires that every user have a unique identifier, and for good reason: when two people share one account, the audit log can no longer show who actually viewed or changed a record, so you lose the ability to detect and investigate misuse. Sharing or exposing credentials undermines that safeguard and counts as an infraction.

DON’T
Never leave patient information in plain sight. This means that, whether you're at the back office or in the field, don't leave your devices unlocked where anyone else can see them. It doesn't matter if you're stepping away for 20 minutes or 20 seconds: lock the screen every time, and configure devices to lock themselves after a short period of inactivity, which is the automatic logoff safeguard the Security Rule calls for.

DO
When patient PHI and ePHI retention periods expire and you are no longer required to hold onto this information, if you choose to dispose of the records, you must be sure they are fully destroyed. Hard copies must be shredded, pulped, or incinerated. For electronic media, simply deleting files or doing a factory reset is not enough on its own; HHS points to the media sanitization methods in NIST SP 800-88 (overwriting, cryptographic erasure, degaussing, or physical destruction, depending on the type of media), and the device on which the ePHI is stored can be destroyed outright, if need be.

DON’T
Never deny patients access to their own records. Under the Privacy Rule you must act on a request within 30 days; if you need more time, a single 30-day extension is allowed, but only if you notify the patient in writing of the reason and the date you will respond. If patients choose to share this information with other entities, that is at their discretion, but denying them the right is a violation and can result in hefty fines.

DO
Implement software that truly supports HIPAA compliance. The Vault tier of our Encore software allows you to collect sensitive customer information and transmit it to your back office with complete end-to-end data encryption. We even brought in third-party experts for an additional layer of vetting to help make sure we covered all our bases and confidently stand by our ability to keep your client information safeguarded.

You can never be too safe when you’re working in the healthcare industry. By taking a few cautionary steps, as well as implementing trustworthy software to help you with your daily needs, you’ll be well on your way to running a HIPAA-ready business.