HIPAA

New Jersey Nursing Facility HIPAA Fine
Fines, HIPAA

HHS Cracks Down on New Jersey Nursing Facility for HIPAA Violation

April 1, 2024 Comments Off on HHS Cracks Down on New Jersey Nursing Facility for HIPAA Violation

April 1, 2024 The U.S. Department of Health and Human Services (HHS) has imposed a civil monetary penalty of $100,000 on Hackensack Meridian Health West Caldwell Care Center, a skilled nursing facility in New Jersey. The facility violated the HIPAA Right of Access law. The penalty stems from the facility’s failure to provide a patient’s medical records to their authorized representative in a timely manner, or within 30 days.  According to the HHS Office for Civil Rights (OCR), which investigated the case, Hackensack Meridian Health withheld the records even after receiving documentation demonstrating the individual’s legal right to access them. The requested records were ultimately sent to the authorized representative only after intervention by the OCR. HIPAA guarantees patients the right to access and obtain copies of their medical records. The OCR enforces this regulation and takes action against healthcare facilities that fail to comply. “A patient’s timely access to health records is paramount for medical care,” said OCR Director Melanie Fontes Rainer in a press release. “The OCR will continue to vigorously enforce this essential right to ensure compliance by health care facilities across the country.” This incident highlights the importance of HIPAA and the rights it grants patients regarding their medical information. It also serves as a reminder for healthcare providers to ensure they have clear procedures in place for handling requests for medical records. This is also the second Right of Access violation ruled on in the last week. Read more about other recent fines here.

Phoenix Healthcare HIPAA Fine
Fines, HIPAA

Phoenix Healthcare Fine: Don’t be a Fool in Compliance

April 1, 2024 Comments Off on Phoenix Healthcare Fine: Don’t be a Fool in Compliance

April 1, 2024 Happy April Fools Day! We hope you’re enjoying the holiday with some lighthearted fun and pranks!  Now, HIPAA regulations are no laughing matter. HIPAA regulations are in place to protect patients’ information, making sure we all have the rights we deserve to keep our information safe.  Today, we’re talking about the latest HIPAA fine, given to a multi-location nursing care organization in Oklahoma, Phoenix Healthcare.  Phoenix Healthcare was fined 35 grand for violating the HIPAA Right of Access Rule, being the butt of the joke of this major fine.  Get buckled up, pranksters! We’re all in for some April Fools’ fun but don’t even think about messing with HIPAA. Patient privacy is no joke!  So, What Happened?  Well, what happened was unfortunately not a prank.  Phoenix Healthcare withheld someone’s health information for almost a year after an initial request was made.  The OCR was made aware of this not-so-funny situation by a caretaker trying to get the health information of her mother, a patient at the nursing home.  Like a joke that went on too long, Phoenix Healthcare eventually did send the information to the daughter. However, the HIPAA Right of Access Rule requires information to be shared within thirty days of a request. Some states, it’s even sooner, like California!  The daughter reported the HIPAA violation to the OCR, and at first, Phoenix Healthcare was ordered to pay a fine of 75,000! With an appeal, and an agreement that Phoenix Healthcare updates its HIPAA policies and procedures, and provides training, the fine was lowered to 35,000.  Whew! While Phoenix Healthcare is still on thin ice, they saved themselves a lot of money.  What can I learn from this?  Well, great question! First, HIPAA compliance is no joke. But don’t worry, no April Fool’s pranks here!  To stay ahead of the curve,  we can make sure your practice is up-to-date on all the HIPAA rules. That way, you can focus on the fun and leave the compliance worries to us. With Abyde, we make sure you Never Stress Over Compliance Again! The Abyde software offers a variety of features to simplify the compliance process. Yes, the words ‘simple’ and ‘compliance’ can be in the same sentence.  While this is a chore for Phoenix Healthcare, the Abyde software even includes dynamically generated policies and procedures, having HIPAA-compliant policies in seconds. The training is also covered, with our enjoyable training that somehow turns learning about HIPAA fun!  We promise you, this isn’t an April Fools trick, we actually make compliance easy. To learn more about how Abyde can help your practice, schedule a consultation, here. 

Business Associate Agreements Portal
Best Practices, Business Associates, HIPAA

Abyde Feature Week: BA | CE Portal

March 21, 2024 Comments Off on Abyde Feature Week: BA | CE Portal

March 21, 2024 Let’s go! Day number four of Feature Week. We hope you’ve stayed tuned as we go over all the wonderful features that make Abyde the leading compliance software for Business Associates (BAs). We know that running your business can be tough, so we simplify compliance, so you can focus on being successful in your business.  So far, this week we’ve gone over our intuitive Security Risk Analysis (SRA), our unique Scorecard, telling you what you need to do to be compliant based on your answers, and yesterday, our dynamically generated custom Policies and Procedures, saving your business countless hours in drafting documentation.  How does this software get even better? Well, it does!  Today, we’ll go over our state-of-the-art BA and CE (Covered Entity) Portal, where you can manage your Business Associate Agreements (BAAs).  As we say here at Abyde, who does it better than us? NOBODY!  BAA-lieve It or Not: The Importance of Business Associate Agreements A Business Associate Agreement, or a BAA, is an agreement between a BA and CE, or a Sub-BA, that outlines the roles and responsibilities of both parties when it comes to securing Protected Health Information (PHI).  In simpler terms: a contract that spells out what each party needs to do when it comes to HIPAA compliance.  One of the top HIPAA violations BAs make is not having a Business Associate Agreement in place.  This agreement is required by the government, making sure both parties are aware of the responsibilities that come along with handling sensitive patient information.  BAs must have agreements in place with all CEs and Sub-BAs they work with.  Managing these agreements could be complicated without Abyde, being unaware of what needs to go into an agreement, getting it over to be signed and knowing when these agreements expire.  But with Abyde, you don’t need to worry about this, simplifying the compliance process even more. Like how we dynamically generate custom Policies and Procedures, we create BAAs for you.  All we need you to do is digitally sign. The BAA will be sent over by email through the software and will be stored in our nifty BA | CE Portal.  Have an agreement expiring soon? We’ll notify you, giving you plenty of time to update your documentation so you can stay compliant.  All BAAs are easily downloadable from the software and can be reviewed at all times. Have a partner who hasn’t signed yet? We’ll send reminders for them, too.  With our revolutionary features, we think it’s clear: we want to make compliance the easiest part of running your business.  To learn more about how you can manage your Business Associate Agreements with the Abyde software, email info@abyde.com and see it in action here.

HIPAA Compliance Scorecard
Cybersecurity, HIPAA

Abyde Feature Week: Scorecard

March 19, 2024 Comments Off on Abyde Feature Week: Scorecard

March 19, 2024 Welcome to Feature Week! Whether you stayed tuned from last week, or are a first-time reader, we are celebrating the features that Abyde offers to make it easy for your practice to stay compliant. Yesterday, we highlighted Abyde’s state-of-the-art Security Risk Analysis (SRA), turning a complicated evaluation of your business’s compliance practices into a simple questionnaire that can be completed in minutes.  Once your SRA is done, the Scorecard comes into play.  Get comfortable and stay tuned on how this feature can make HIPAA a breeze for your business.  Keeping Score Whew!, That SRA wasn’t so bad, right? So, what’s next? This isn’t a scorecard like in golf but is a hole-in-one when it comes to monitoring your compliance practices. The Scorecard is a review of your answers to the SRA and gives your business a thorough explanation of how your current practices hold up against regulations, and what your organization can do to improve.  The SRA is like a coach’s playbook, outlining the game plan for HIPAA compliance. The Scorecard is this plan in action, like reviewing your game tape, seeing what you need to improve and what vulnerabilities you have as a business.  This scorecard is easy to review and gives your business the risk levels of your current practices.  Each question is unique, and some practices are more critical than others. For instance, only changing your password every six months is not ideal, but not as risky as not encrypting your files.  Unfortunately, some practices will never be ‘low risk’, even if they are not wrong just because there’s always the chance of human and technological errors.  For instance, numerous employees working remotely while handling Protected Health Information (PHI) is always going to be riskier than all PHI staying in one location.  Impacted by a breach? You can easily show proof of a Security Risk Analysis by downloading the Scorecard in the software, showing the government that you take HIPAA seriously.  You can also see every version of your Scorecard in the software, seeing how your path to compliance has gotten easier with the help of Abyde. Ready to keep your HIPAA compliance score? Reach out to info@abyde.com and schedule a demo here for your business.

HIPAA Security Risk Analysis Software
Cybersecurity, HIPAA

Abyde Feature Week: Security Risk Analysis

March 18, 2024 Comments Off on Abyde Feature Week: Security Risk Analysis

March 18, 2024 For some, this might be Spring Break, but we have something even more exciting planned: Feature Week! Throughout this week, we are going to share the amazing things we have to offer Business Associates (BAs) for HIPAA compliance. I know that Spring Break and software features might seem like worlds apart, but somehow at Abyde, we make compliance and simplicity go hand in hand.  So, get comfortable, fix your beach chair, grab a drink, and see how Abyde can make your compliance journey easy with our Security Risk Analysis (SRA).  What is a Security Risk Analysis (SRA)?  A Security Risk Analysis (SRA) is a required assessment of risks and vulnerabilities of how Protected Health Information (PHI) is handled. The quick 411– PHI is identifiable information about a patient, like a social security number, medical records and more.  The Security Risk Analysis, established in the Security Rule, is an overall evaluation of how your business properly protects PHI, ranging from how often you change the passwords on your systems, to security alarms on the door of the business.  This assessment is required, and organizations’ lack of one is a common HIPAA violation.  Last year, a BA was fined $100,000  by the Office of Civil Rights (OCR) after they were impacted by a ransomware attack. One of the first things the OCR looks for is an SRA. As you might’ve guessed, there was no SRA in place, contributing to the hefty fine.  How Abyde can help There’s A LOT of information to go through, and it might be overwhelming.  That’s where our simplified Security Risk Analysis comes in.  With Abyde, you can now analyze your processes without needing to hire a consultant or trying to audit yourself by referring to tons of paperwork.  Before Abyde, an SRA could take weeks. With Abyde, it takes minutes. Our simple questions get straight to the point, and if you don’t know the answer to something? Don’t worry! You can mark the question and it will come back up later in our Ongoing Questions section on the dashboard, or call our team of compliance experts for help.  Abyde is here to make compliance simple. It’s what we do best.  Stay tuned for the next day in our feature week: our Scorecard.  To learn more about the features of the Abyde software, email us at info@abyde.com and see the software in action by scheduling a demo here for Business Associates and here for Covered Entities. 

Change Healthcare Breach Update
Audits, Cybersecurity, HIPAA

Change Healthcare Breach: What We Know Now

March 14, 2024 Comments Off on Change Healthcare Breach: What We Know Now

March 14, 2024 BREAKING NEWS! Your friends at Abyde are right back at you with an update on the Change Healthcare breach. Check out our first blog post on the breach here!  Now, to quickly bring you up to speed, Change Healthcare, a division of United Healthcare, was impacted by a ransomware attack. This ransomware attack is like nothing we’ve ever seen, and being called the most significant attack on our healthcare system of all time.  This ransomware attack was disastrous, taking Change Healthcare systems offline, and making it impossible for healthcare providers to check for insurance eligibility, see new patients, properly process prescriptions correctly, and much more.  Now, it’s been several weeks since the initial attack, and we have the latest scoop for you.  What’s going on now?  Well, now here comes the fallout. While some of the systems have been able to get back online, like pharmacy functions, Change Healthcare is still not 100%. This has been detrimental to healthcare providers, and is costing them $100 million a day! Now, I know that’s gotta hurt.  Now, the lawsuits are starting to roll in. Now, multiple class action lawsuits have been filed against Change Healthcare/United Healthcare due to its inadequate security systems and how it’s been handled.  Unfortunately, in this attack, it’s highly likely Protected Health Information (PHI) is in the hands of criminals. In this ransomware attack, over six TB of stolen data was encrypted by the deceptive hackers. So, these lawsuits are just getting started.  The government is also involved in this breach, investigating the causes and effects of the ransomware attack. The FBI has run into this group of hackers before and has taken some of their servers offline, causing many to think this attack was of vengeance.  The Department of Health and Human Services also came together to discuss and address the impact of the cyber attack for more to come. As of yesterday, March 13, the Office of Civil Rights also released a statement of beginning their investigation of the attack.  It’s safe to say this is far from over, and it’s been a tough month for United Healthcare.  What should I do?  To keep up with the news, we recommend you follow our news page, where we release the newest updates in compliance news and the best tips for your practice or business.  To keep up with the Change Healthcare system updates, you can follow this page here.  To keep your practice or business safe, and avoid this hot water that United Healthcare found itself in, it is essential for you to proactively protect your organization. This includes working with an IT company, employing firewalls, encryption, and of course, having compliance software like Abyde.  Abyde is your one-stop shop when it comes to compliance management, allowing you to evaluate your risks and address them before it’s too late. Need documentation in order? Yeah, all in the software. Oh and – let me stop you right there, yes, we also dynamically generate our personalized policies and procedures, so don’t worry about writing them.  And if you experience a breach? We’re here for you. We have an awesome team of compliance experts here to help you navigate any situation, so you’re not alone.  Want to learn more about compliance? Reach out to us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates! 

Top Mistakes of Business Associates in Healthcare
Business Associates, HIPAA

Top Mistakes of Business Associates in Healthcare: How to Avoid Partnership Pitfalls

March 13, 2024 Comments Off on Top Mistakes of Business Associates in Healthcare: How to Avoid Partnership Pitfalls

March 13, 2024 Hi Business Associates (BAs)!  We know that working with healthcare practices adds the stress of securing the Protected Health Information (PHI) of patients. Running a business and protecting patients can be tough, but it’s a requirement under HIPAA.  This shared responsibility is key to keeping your business compliant, allowing you to have a successful business, happy partners, and of course, safe patients.  Here are some of the most common compliance violations BAs make, and how you can avoid them.  Dude, Where’s My Business Associate Agreement?  The first thing a Business Associate needs to do is sign a Business Associate Agreement (BAA) when working with a Covered Entity (CE). BAAs are a game plan for our business alongside healthcare practice. With a proper BAA, your organization has documentation of your shared responsibilities to keep PHI secure.  If there’s anything you need to know about compliance, it’s to document everything! This BAA includes important information about permitted uses and disclosures of PHI, safeguards that the BA is expected to establish, Breach Notification requirements, training requirements and more.  Now, this map of your partnership seems like a pretty easy thing to do, especially because it takes some liability off of your shoulders.  However, one of the most common violations of HIPAA for BAs is not having this agreement documented. There have been millions of dollars in fines that stem from one simple thing: not having a BAA. It’s a simple step your business has to take, and with Abyde, we make it easy. With our software, we will draft a personalized BAA for your organization. All you have to do is sign it and send it off to your CE partner. Worried about losing this BAA? Don’t worry! It lives in the software having this documentation readily available for your business. Getting Schooled A Lack of training is another top mistake for BAs. Once again, as a BA, it is imperative to be aware and educated on compliance. While compliance training might not exactly be as exciting as a Rocky montage running around Philly, it is very important, and when done right, can be fun. Abyde nails entertaining training with our interactive material, simplifying complicated topics into top-notch training.  Once again, training is vital for BAs, and when not completed, the consequences can be severe. When you violate HIPAA rules, like not training, the minimum fine is $137 per incident. Something like that can add up pretty quickly.  Additionally, training is so important in promoting a culture of compliance, ensuring all employees know the essential role they play in your business. Breach Bandits Unfortunately, breaches are common in healthcare. While it is imperative to take proper precautions against breaches, like having an IT company’s assistance, controlled access, and more, it can still happen. Sometimes, no matter how hard you secure your business, breach bandits still find a way through your security.  While it might happen to you, you can always control how you handle the situation. Before a breach even occurs, you need to take the proper cybersecurity precautions, and also complete a Security Risk Analysis (SRA).  After a breach, it is required to follow the Breach Notification Rule of HIPAA. The Breach Notification defines what your business needs to do if it is impacted by a breach, including how it needs to be reported and how it must be shared with affected patients.  The consequences of improperly handling a breach can be catastrophic, with major fines affecting your business.  For example, the first ransomware attack ruled on by the OCR impacted a BA. This Business Associate was caught in the crosshairs of a ransomware attack and was fined $100,000 due to their lack of a SRA and having no policies and procedures in order.  Now, dun dun dun! That’s where Abyde steps in again. Our software includes a simple SRA for your business to complete, going through all OSHA requirements in a questionnaire that takes minutes to complete. Well, you might now be wondering: What about policies and procedures? How do I quickly write those? I don’t know what I need? Well, the Abyde software has dynamically generated policies and procedures for your practice, drafted in seconds.  Overall, your friends at Abyde know that running both a successful business AND ensuring the protection of patients’ data can be complicated, and that’s why we’re here to help.  Abyde is the simple solution for all of your compliance concerns, with our intuitive software making compliance easy.  To learn more about how Abyde can eliminate your business’ compliance worries, email us at info@abyde.com or schedule a consultation here.

Common Compliance Vocabulary
Best Practices, HIPAA, OSHA

A to Z: A Compliance Dictionary

March 12, 2024 Comments Off on A to Z: A Compliance Dictionary

March 12, 2024 Today, we’re taking you to compliance school. Don’t worry, there won’t be a test, so no need to study!  Sometimes compliance can be complicated, and with so many specific words, it’s easy to feel overwhelmed. At Abyde, we believe in simplifying compliance, so we’re kicking it back to Kindergarten – more specifically, the ABCs. Here are the ABCs of compliance – see how many you already know!  Audit – An audit is an examination of how compliant your practice currently is. The random HIPAA audit program will likely resume this year.   Business Associate – A Business Associate is someone who handles Protected Health Information (PHI) and performs functions on behalf of a Covered Entity (both defined on this list!). Business Associates include a variety of fields, like medical equipment manufacturers, medical marketing teams, disposal companies, and more.  Covered Entity – A Covered Entity directly works with sensitive patient data. This includes healthcare providers, health plans, and clearinghouses.  Disaster Recovery Plan – A Disaster Recovery Plan is a required set of procedures to handle the effects of an unexpected event. This includes identifying potential risks, like different natural disasters, and more.   Electronic Protected Health Information – Electronic Protected Health Information, or ePHI for short, is any PHI that is created, received, maintained, or transmitted in electronic form.   Fraud – Fraud is deception to obtain something of value. HIPAA is in place to protect patients and prevent fraud by securing patient information and if these regulations are broken, there are consequences.   GDPR – The GDPR, or General Data Protection Regulation, is essentially a HIPAA equivalent for our friends across the pond, or the European Union. The GDPR includes more than just healthcare, but does define the privacy of patient records.  HIPAA – HIPAA, the thing you probably have heard of at least a million times (at least I know I have), or the Health Insurance Portability and Accountability Act, signed into law in 1996, protect the privacy and security of individuals’ health information and to establish standards for the electronic exchange of health information. Incident Response – An incident response is how you handle a situation. Under HIPAA, remember to document everything and report it in a timely manner.  Joint Commission – Joint Commission is an accreditation agency that evaluates healthcare organizations. Joint Commission would be considered a Business Associate if they come into contact with Protected Health Information.  Know your Patient – Know Your Patient, or KYP, is a way to identify a patient before any information is shared with the wrong person.  Logs – Logs are prevalent in HIPAA and OSHA, and are just documentation. This includes things like asset logs, or documentation of the items your practice has, and things like a breach log, which includes an explanation of a breach (who, what, where, when, etc.) Minimum Necessary Standard – The minimum necessary standard is the protocol that the least amount of sensitive information about a patient should be shared. Notice of Privacy Practices – The Notice of Privacy Practices is a required notice to patients on how their information will be used and shared.  OSHA – OSHA, or the Occupational Safety and Health Administration, is the government agency that ensures safe and healthy working environments for workers.  PHI – Protected Health Information, or PHI, is identifiable information about a patient that is created and shared by a Covered Entity or Business Associate. This includes names, social security numbers, emails, medical record numbers, and more.   Quality Management – Quality Management is the constant need to improve and monitor current processes and how to optimize patient care, employee safety, and more. Overall, how you can make your organization better for all involved.  Ransomware – Ransomware is a form of malware that holds data for ransom, requiring practices to pay a ransom for access to PHI.  Security Rule – The Security Rule is a component of HIPAA and sets the standard for all of the necessary safeguards a practice must have in place to protect PHI.  Training – Training is the continuous learning and improvement of all employees (including the owner) of compliance regulations. Update Information – Updating information is very important in compliance, ensuring all information is up-to-date about your practice is key. For instance, have employees leave? Make sure you make a note of that in your policies and roles. With the Abyde software, we do that for you!  Vulnerability Assessment – A Vulnerability assessment is a way to test cyber security frameworks to ensure that your system is secure.  Whistleblower – A whistleblower is someone who calls out violations of compliance. Whistleblowers are to be protected and make our healthcare systems a safer place.  X-ray Safety – X-ray safety precautions are vital, like any use of equipment. For instance, make sure proper protective equipment is worn, use shielding, and be aware of the position of the device.  Yearly Risk Assessment – A Yearly Risk Assessment is a thorough evaluation of your practice’s compliance. With Abyde, we ask these questions throughout the year, ensuring your practice is compliant if you’re doing the right thing! Zero tolerance – There is Zero tolerance for breaking HIPAA or OSHA legislation.  Whew! This one might have been a little bit longer than our traditional ABCs, but they’re all so important to keeping our patients and staff safe. To learn how you can keep your practice or business compliant, reach out to info@abyde.com or schedule a consultation here for Covered Entities, and here for Business Associates.

Ransomware in Healthcare
Best Practices, Cybersecurity, HIPAA

Yikes! My Files Are Kidnapped!: What is Ransomware?

March 7, 2024 Comments Off on Yikes! My Files Are Kidnapped!: What is Ransomware?

March 7, 2024 Ransomware. Even the name sounds ominous! With the Change Healthcare ransomware attack, you might have heard a lot about ransomware in the news lately. While the effects of the attack are wreaking havoc on the healthcare system, you might be wondering what this notorious ransomware is all about.  Well, you’ve come to the right place! We’re here to educate you on ransomware and how your practice or organization can be prepared for this cybercrime.  What is it, exactly?  Ransomware is a form of malware, or malicious software, that encrypts the files of a victim and requires a ransom to access files again. This is a very common way hackers infiltrate healthcare systems and over 4,000 ransomware attacks occur a day!   If you’re confused about how ransomware works, here’s a simple example:  Dan the Doctor was having an alright day, and then he got an email that went to his practice that he thought would turn it into the best day of his life! The email said he won 20 million dollars! All he had to do was click the link in the email to receive it. He clicked it as soon as possible, already dreaming of spending the rest of his life on the beaches of Hawaii.  Spoiler alert: his day was going to get a lot worse.  As he clicked the link, ransomware began its sinister magic: encrypting patients’ protected health information (PHI). He couldn’t believe what he did, putting his patients and his practice in jeopardy. Then, to get access to these files again, he had to pay thousands of dollars, or these files would be put online, putting his innocent patients even more at risk.  His dreams of Hawaii turned into a very hurt wallet and his patients at risk.  While you might think that could never happen to you: email scams, or phishing, are the most common way ransomware attacks are sent.  Our simple example is just a story, but it happens often in the healthcare field. For example, the most recent major cybercrime is the ongoing Change Healthcare ransomware attack, in which they paid 22 million dollars in ransom!  The OCR is also beginning to fine practices and organizations that do not take the proper precautions against ransomware attacks. The first ransomware attack fine was announced in October, costing the Business Associate (BA) $100,000 in HIPAA fines.  What do I do?  Now, while ransomware attacks have become extremely prevalent, with a 278% increase in ransomware breaches reported to the OCR, there are precautions you can take.  Working with an IT company is key for your practice or business, with prevention being the first line of defense. This includes things like encrypting your files, keeping all software up-to-date, having firewalls, antivirus and more.  Additionally, working with a compliance program like Abyde also lowers your risk. By identifying your vulnerabilities and enacting the right protocols, ransomware stands no match! For instance, password updating, proper data handling, access controls, and training, are all different barriers that help your practice or business.  Also, if your practice is infected by ransomware, do not pay the ransom, get the infected device offline and off the network, report the breach to the OCR, and get IT experts to investigate the attack.  To learn more about how your practice can stay compliant and secure against ransomware attacks, email us at info@abyde.com and schedule consultations for Covered Entities here, and Business Associates here.

Common Dental HIPAA Violations
Best Practices, Fines, HIPAA

Most Common HIPAA Violations by Dentists

March 6, 2024 Comments Off on Most Common HIPAA Violations by Dentists

March 6, 2024 Happy National Dentist’s Day! In honor of this special holiday, here’s a cheesy joke. What is a dentist’s favorite animal? A Molar Bear!  Now, please stop cringing. We apologize for the bad joke, if we could, we would give all dentists who use our software a little … plaque. Ba Dum Tsss.  Alright, now back to the more serious stuff. Dentists play an important role in our health, ensuring our smiles stay healthy and bright. However, they also have another major responsibility: following HIPAA regulations and protecting our protected health information (PHI).  Sometimes, dentists slip up on their compliance responsibilities. Here are some of the most common HIPAA hiccups dentists face.  Stolen Devices: One of the most common HIPAA violations for dentists is improper handling of stolen devices with PHI. In our tech-savvy world, computers and other devices play an imperative role in the dentist’s office, withholding information on patient’s personal information like billing, medical records, and more.  If you have a device with electronically protected health information or ePHI, in your practice, make sure it is encrypted, or in other terms, very secure software that makes sure the right people are the only ones who can access it. Additionally, if a device is stolen, make sure remote deletion is set up correctly, letting you delete sensitive data from it with another device. ePHI in the wrong hands can be dangerous, but with the right precautions, you can keep patients safe.  Disregardful Disposal: Another common HIPAA violation for dentists is improperly disposing of protected health information. From creation to disposal, PHi needs to be handled securely by your practice and complaint Business Associates (BAs). We’ve seen the after-effects of mishandled PHI, resulting in hefty fines. For example, a practice in Massachusetts improperly threw out PHI, throwing it in garbage bins outside the practice, and was fined over $300,000. Retaliating Responses: On top of managing your practice’s reputation in person, you have to manage it online. A very common HIPAA violation is disclosing PHI through social media and review sites. While I know it can be hard to not defend your practice, keeping your cool for sure feels way better than losing thousands of dollars to a fine. A California dentist practice learned the hard way by being fined $23,000 for disclosing PHI on Yelp in heated responses. The moral of the story? Keep it short, sweet, and offline. If you want to share a customer testimonial or image of a customer, ensure a media consent form is signed.  Now, those are some of the most common HIPAA violations by dentists. Dentists have a lot on their plate, and sometimes, compliance falls on their list of priorities. That’s where Abyde comes in. We’re here to help make compliance simple for your dental practice, with a plethora of compliance resources. We pride ourselves on our efficiency, like turning the daunting Security Risk Analysis (SRA) into a minutes-long questionnaire, pinpointing everything you need to know for your practice. This results in a scorecard, with best practices to avoid HIPAA violations, including the ones mentioned above! The Abyde software also includes engaging training (that does not require you to shut down your practice for all to complete), dynamically generated policies and procedures, documents, like the media consent form, and more.  We’re here so you can focus on what’s important, taking care of patients.  Have a wonderful Dentist’s Day, and relax, let us take care of the compliance.  For more information on how Abyde can simplify compliance for your practice, email info@abyde.com and schedule a consultation here.

Are you prepared to navigate a HIPAA compliance audit? Join experts for a live webinar with real audit scenarios and outcomes.

REGISTER TODAY
X