Hipaa Compliance

When people go to the hospital, the last thing that is on their mind is the security of their information. So it is our job and responsibility to make sure that their personal and health information is protected. When it comes to protecting a patient’s health information there are certain rules that hospitals must follow. In 1996 the government passed the Health Insurance Portability and Accountability Act, better known as HIPAA, in an effort to create regulations for the use and disclosure of an individual’s health information. So in order for us to make sure we are in compliance, we will discuss the components of an overall compliance plan and some of the safeguards that should be implemented. By doing this we will be able to bring the Alba, IA hospital into compliance as it pertains to HIPAA.

Before we can even think about drawing up a compliance plan, we must first complete certain steps. Companies who violate HIPAA face fines that can range from thousands to several millions of dollars. For example, an insurance company named Anthem was fined $1.5 million dollars earlier this year for HIPAA violations. During the breach customer’s personal information like names, addresses, birthdays, and socials were compromised. Some may think that it takes money to meet compliance, but I believe if we invest time and human capital we can get this done.

The first step is to complete a risk assessment of the hospital. By doing so we will equip our facility with a blueprint of where we stand with regards to HIPAA compliance. The risk assessments will reveal risk levels that we may deem acceptable, as well as steps we can take towards compliance. When doing the assessment we must include any device that generates, stores, maintains or transmits a patient’s health information. Even devices that are not on the hospitals network like portable X-ray and ultrasound machines, should be assessed. The next step would be to collaborate with decision-makers and other...