As we near the end of 2015, there's no better time than now for healthcare practitioners to reevaluate their practice and ensure they are compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Each year, the Office for Civil Rights (OCR) fines dozens of covered entities for violations stemming from HIPAA. So, what kind of HIPAA compliance trends can you expect to see more of in 2016 and going forward?
Greater Emphasis on Business Associates Agreements
HIPAA requires all covered entities to create Business Associates Agreements (BAAs) for third parties with whom they do business, assuming those third parties have access to Protected Health Information (PHI). Given the fact that more and more covered entities are now using cloud-based storage and other cloud services, it's safe to assume the OCR will place an even greater emphasis on BAAs in the years to come.
While encryption isn't a mandatory specification under the HIPAA Security Rule, it's recommended that covered entities utilize it nonetheless. As more and more medical practitioners make the transition from paper files to electronic files, there's a greater risk of a data breach involving electronic PHI (EPHI). But one of the easiest and most effective ways to protect EPHI from a data breach is encryption. Even if a laptop or storage device containing EPHI is lost or stolen, encryption will mitigate the damage by preventing unauthorized users from accessing the data.
HIPAA requires all covered entities to properly train their workers on laws regarding patient privacy and compliance. In the past, many covered entities have overlooked this step, assuming it's of little to no benefit. But the OCR is beginning to crack down on covered entities in violation of this requirement, fining them up to $10,000. Unless you are willing to take that risk, it's recommended that you properly train all workers on the nuances of HIPAA compliance.
Greater Enforcement by OCR
A report from the Office of the Inspector General (OIG) recently found that the OCR is not adequately enforcing HIPAA. So, what does this mean for covered entities? Well, it likely means that the OCR will step up enforcement efforts in 2016 and going forward, conducting more audits with greater thoroughness. With more pressure on the OCR, it will likely expand its auditing and enforcement efforts.
These are just a few HIPAA compliance trends that you can expect to see more of in 2016.