ABYDE FOR WYOMING OPTOMETRIC ASSOCIATION MEMBERS

It's time for stress-free compliance.

Request a demo
  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

"The toughest part of HIPAA is complying with the rules. Abyde’s step by step system removes the complexity and therefore the worry of complying with the rules. Plus, Abyde reminds me to stay up to date, keeping me in continual compliance!"
Dr. Robert Bass
"The ease of the Risk Assessment is definitely my favorite. Abyde is very good at keeping us on track. The training programs are great as well."
Brenda Anderson
"I love how Abyde continually sends notifications to update information so we can stay current with all compliance issues. Above all, you will not find a more economical choice that provides all of the resources needed for compliance in your medical practice."
Amy Rogers

LATEST COMPLIANCE NEWS

Business Associate Risk Analysis Initiative Fine

Business Associate Accountability: Health Fitness Corporation’s $227k HIPAA Fine

March 27, 2025   With over $3.5 million of fines levied against Business Associates (BAs) so far in 2025, it’s fair to say that the Office for Civil Rights (OCR) is serious about holding them accountable. These fines in 2025 serve as a reminder that BAs play a crucial role in safeguarding Protected Health Information (PHI).  The latest BA HIPAA fine was enforced on the Health Fitness Corporation, which offers wellness plans nationwide.  After a flurry of breach reports, Health Fitness Corporation found itself in the crosshairs of a HIPAA investigation. This investigation exposed some critical missteps, leading to a $227,816 settlement and a two-year Corrective Action Plan (CAP).  At the center of this fine is a missing Security Risk Analysis (SRA). The SRA is a thorough assessment that identifies the organization’s vulnerabilities.  This fine was also the fifth enforcement of the Risk Analysis Initiative, a recent program by the OCR to ensure regulated entities complied with this HIPAA requirement.  This fine not only spotlights the importance of Business Associates following HIPAA, but also for all regulated entities to be aware of the Security Risk Analysis requirement.    What Happened?  In August 2015, PHI was exposed online due to a server misconfiguration. This breach was not discovered in June 2018, with an estimated 4,000 patients impacted by this security issue.  Four breach reports describing this incident were filed from the end of 2018 into early 2019.  This led to the OCR investigating Health Fitness Corporation. It was then uncovered that the organization did not complete a thorough SRA until 2024.  The SRA is an annual requirement for every HIPAA-regulated entity. This assessment should also be completed after any breach to review and address vulnerabilities.  As a result, the wellness program organization was fined $227,816 with government monitoring for the next two years.    How to Protect Your Organization  When working with PHI, all involved parties must know their responsibilities.  For Covered Entities and Business Associates, having a Business Associate Agreement (BAA) with any third parties with access to PHI is vital. BAAs define each party’s responsibilities, creating legal liability. This required document demonstrates that each party is willing and able to take responsibility for protecting sensitive patient data. In addition to being aware of HIPAA responsibilities, ensure your organization completes an SRA annually, and anytime a breach occurs. Risks can be mitigated by being on top and informed about your organization’s vulnerabilities.  Utilizing a smart software solution can streamline these requirements. Smart solutions can streamline the SRA and any BAAs, protecting your organization. To learn more about how you can automate and streamline compliance in your practice, schedule a consultation with an expert today.

Read More »
HIPAA Right of Access

What is Right of Access?: Understanding the HIPAA Privacy Rule

March 20, 2025   HIPAA is often misunderstood as only addressing the security of medical information. However, it encompasses more than that. The Health Insurance Portability & Accountability Act also defines how medical information must be shared with patients through the Privacy Rule. This highlights another key responsibility healthcare providers must be accountable for.  Alongside the Security Rule and the Breach Notification Rule, the Privacy Rule provides patients additional rights regarding how their medical records are handled.  The Privacy Rule created the Right of Access, requiring practices to provide patients with their medical records in a timely manner.  With the latest fine for HIPAA being a Right of Access violation, it’s vital for practices to be aware of this requirement and how it pertains to the care they provide.    What is Right of Access? Right of Access gives practices 30 days to fulfill a patient’s request for their records. In some situations, these thirty days can be extended to an additional 30 days, but that is the longest period of time allowed to provide a patient with their records.  This is a federal requirement, but the timeline could be even shorter depending on where the practice is located. For instance, if the practice is in California, staff must provide patients with medical records within 15 days.  Your practice can charge for medical records, but it needs to be reasonable. The Office for Civil Rights (OCR) defines this as the average cost of supplies, limited labor, and postage when providing medical records to a patient.  However, instead of calculating this cost, the OCR also suggested a flat fee not to exceed $6.50 when handling electronic records. Once again, other guidance can be levied on the state level, like California’s cap on the cost of medical records at 25¢ a page plus a reasonable clerical fee.  From the moment a practice receives a request, it must be addressed quickly. Staying on top of these requests is crucial for staying compliant and maintaining patient satisfaction.    How to Stay Compliant While this might seem simple, many practices have been fined in the past for violating this right of patients. In 2024 alone, Right of Access fines accounted for nearly $500,000. The OCR introduced a Right of Access Initiative to ensure that these patient requests are taken seriously. Many of these investigations and fines stem from patient complaints, showing the importance of complying with this HIPAA component.  Utilizing smart software solutions can assist your team in ensuring that all staff members are aware of their responsibilities when handling PHI, including the responsibility to address patient requests quickly. This empowers your team to take accountability and keep patients happy.  To learn more about how to comply with HIPAA Right of Access legislation, meet with our team of compliance experts today.   

Read More »
Read more

READY TO BE STRESS-FREE?

schedule a demo