HIPAA Compliance

Feb 4

In 2018, the fines for HIPAA violations amounted to $28.7 million, beating the previous 2016 record of $23.5 million.


If you are an employer who has access to health-related records, such as workers’ compensation claims, it is vital that your HR department is aware of HIPAA compliance and the safeguards required as well as have an ongoing risk management process in place.


Established in 1996, HIPAA has evolved to protect more than the personal health information of people moving from one job to another. It now covers the access, communication, and storage of healthcare data under a law that specifically defines Personal Healthcare Information (PHI) as information from 18 identifiers that can link the health status, provision of healthcare services, and payment for such services to an individual. In order to protect PHI, areas that employers can pay close attention to include:


  • Data privacy and security

  • Tech vendors and social media

  • Policies and procedures including online safeguards

  • Limiting who has access and control of data storage

  • Protecting communication systems that convey PHI

Constant monitoring to ensure compliance involves setting up a risk management strategy to monitor procedures and the security environment. Not only will you be able to detect risks promptly, you’ll also be able to implement an effective response that minimizes downtime and keeps PHI secure.


External components can also impact compliance with HIPAA such as determining whether HIPAA or other data-protection and privacy laws apply when collaborating with any tech vendors that have access to your health plan data. This means that it is important to review vendor compliance to mitigate any potential violations.


Do you have a social media policy? Do employees understand the consequences of sharing information, even if it is accidental? This also includes the use of wellness tools, mobile apps, and emerging technologies that can have an impact on HIPAA compliance.


Staying on top of changes can be time-consuming and demanding, however both the U.S. Department of Health and Human Services and the Office of the Inspector General offer training and materials to assist your team with monitoring potential oversights and safeguarding employee information.

Created with