Top 10 HIPAA Mistakes for Practices to Avoid – September 2017
By: Michael R. Marks, MD, MBA, and Michael Sacopulos, JD
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) continues to challenge every medical practitioner. A recent discussion on the current state of HIPAA revealed the top 10 mistakes that practices make during implementation.
This year has been rough in terms of privacy. The Office of Civil Rights (OCR) has consistently levied stiff financial penalties on those who violate HIPAA rules. Hacking and ransomware attacks are more frequently in the news. If the confidentiality of patient medical records is not to become a quaint idea of a bygone age, practices need to be proactive. The following mistakes can be avoided, putting your practice on the way to patient privacy protection and HIPAA compliance.
No. 10: Failure to have Business Associate Agreements in place
A Business Associate is a person or entity to whom you provide patient information. These may include third-party billing companies and the service that shreds old documents. Most practices have many Business Associates. The OCR has a free online Business Associate Agreement template that can easily be downloaded.