Any organization that handles protected health information is required by law to fulfill all requirements for HIPAA compliance. The Office of Civil Rights (OCR), under HHS, is charged with audits. This requirement is commonly misunderstood by organizations that believe a security risk assessment alone ensures compliance. There are many complexities to HIPAA compliance. The new HHS OCR director, Roger Severino, recently took time to speak directly to small practices.
“No one is off the hook from potential OCR enforcement actions, including smaller providers with slimmer resources to address health data security and privacy,” he stressed.
“Small providers are integral to our healthcare system. We know that. They provide more choice than just centralized institutions,” he said. But smaller provider organizations have the same responsibilities as large institutions, he stressed.
HIPAA indeed mandates that all patient information be secure, and this extends beyond meaningful use. Despite this, many electronic health records aren’t as secure as they should be, or are retained for a non-compliant period of time. Because regulations force the retention of these records, which hold such sensitive information, they are a lucrative target for hackers. As a result, medical records remain one of the most expensive documents sold on the black market and the dark web.
AllyTech is 100% dedicated to the security and safeguarding of your network and the safety of your patients’ information. In our efforts to protect confidential information, we offer services designed to help you move towards HIPAA-compliant service, step by step.