Importance of HIPAA Compliance for your practice

As a physician, as your practice grows you will realize that you need to outsource part or all of your routine billing tasks to be more productive and efficient at work. HIPAA compliance is not really optional: all medical practices and businesses must be compliant to stay in business.

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a law intended to protect the privacy of patient information. It establishes national standards for processing electronic healthcare transactions and requires healthcare organizations to implement them.

Why Should Your Practice Be HIPAA-Compliant?

Non-compliance with HIPAA regulations can result in substantial fines for your medical practice and for the medical billing service company working with you. It also damages the reputation of both your practice and the outsourced billing company, and it can cost thousands of dollars.

The first step toward HIPAA compliance is to have a BAA (Business Associate Agreement) in place. A BAA needs to be signed with each of your vendors, such as your medical billing service company, which helps keep your practice HIPAA compliant. Once all parties sign the BAA, they are obliged to follow all HIPAA rules and regulations; if they fail to do so, they are subject to civil and criminal penalties for actions not authorized in the BAA.

Recently, a facility in one US state was found to have violated HIPAA. A nursing home patient's physician texted the patient's lab reports to a nurse. The physician and the nurse were the only medical professionals authorized to see the message, yet the Centers for Medicare and Medicaid Services found the residential facility to be in violation because a text message was used for the communication instead of a secure method.

Please find below the Compliance Checklist (Ref:

  1. Have you formally designated a person(s) or position(s) as your organization’s privacy and security officer?
  2. Do you have documented privacy and information security policies and procedures?
  3. Have they been reviewed and updated, where appropriate, in the past 12 months?
  4. Have the privacy and information security policies and procedures been communicated to all personnel, and made available for them to review at any time?
  5. Do you provide regular training and ongoing awareness communications for information security and privacy for all your workers?
  6. Have you done a formal information security risk assessment in the last 12 months?
  7. Do you regularly make backups of business information, and have documented disaster recovery and business continuity plans?
  8. Do you require all types of sensitive information, including personal information and health information, to be encrypted when it is sent through public networks and when it is stored on mobile computers and mobile storage devices?
  9. Have you implemented controls to limit physical access to all devices and areas where PHI is accessed or stored?
  10. Do you limit access to PHI to only those who need it to fulfill their job responsibilities?
  11. Have you implemented technical security controls to protect against unauthorized access to electronic PHI?
  12. Have you identified all your business associates (including subcontractors if you are a BA) and ensured they have signed a BA agreement and follow all HIPAA requirements?
  13. Do you require information, in all forms, to be disposed of using secure methods?
  14. Do you have a documented breach response and notification plan, and a team to support the plan?
  15. If you are a covered entity (CE), do you provide a Notice of Privacy Practices (NPP) that meets all HIPAA requirements in compliance with the Omnibus Rule changes?
  16. Have you established processes to document and account for disclosures of PHI?

(Questions developed by Rebecca Herold, CIPM, CISSP, CIPP/US, CIPP/IT, CISM, CISA, FLMI; CEO, The Privacy Professor: )

If you answered 'NO' to any of these questions, you are not in compliance with HIPAA and are at risk of fines and other penalties. Keep in mind that a business partner or regulatory agency can ask you, at any time, to provide proof that you are HIPAA compliant.

If you need to bring your medical practice up to HIPAA's standards, please contact MedicalBillersandCoders today by email: or at our toll-free number: (888) 357 3226, and we'll ensure that your medical practice is HIPAA compliant.
