In 2018, the fines for HIPAA violations amounted to $28.7 million, beating the previous 2016 record of $23.5 million.
If you are an employer who has access to health-related records, such as workers’ compensation claims, it is vital that your HR department is aware of HIPAA compliance and the safeguards required as well as have an ongoing risk management process in place.
Established in 1996, HIPAA has evolved to protect more than the personal health information of people moving from one job to another. It now covers the access, communication, and storage of healthcare data under a law that specifically defines Personal Healthcare Information (PHI) as information from 18 identifiers that can link the health status, provision of healthcare services, and payment for such services to an individual. In order to protect PHI, areas that employers can pay close attention to include:
- Data privacy and security
- Tech vendors and social media
- Policies and procedures including online safeguards
who has access and control of data storage
Protecting communication systems that convey PHI
Constant monitoring to ensure compliance involves setting up a risk management strategy to monitor procedures and the security environment. Not only will you be able to detect risks promptly, you’ll also be able to implement an effective response that minimizes downtime and keeps PHI secure.
External components can also impact compliance with HIPAA such as determining whether HIPAA or other data-protection and privacy laws apply when collaborating with any tech vendors that have access to your health plan data. This means that it is important to review vendor compliance to mitigate any potential violations.
This also includes the use of wellness tools, mobile apps, and emerging technologies that can have an impact on HIPAA compliance.