Have you looked at your HIPAA Privacy and Security Policies Lately?

If you haven't looked at your HIPAA Privacy and Security Policies lately, NOW is the time to do so!! There were MAJOR changes included in the HITECH Act, which was part of the American Recovery and Reinvestment Act (ARRA). As a result, many of the policies and procedures that physician practices implemented in 2003, when HIPAA went into effect, must be updated.

Some of the changes implemented are:
>Increased liability for not being in compliance with HIPAA standards (the old fine was a maximum of $25,000 per violation; NOW that's just the first level of fines, and fines can now be $1.5 million for a single violation!!!)

>The HITECH Act also mandates that audits be conducted on covered entities (physicians and physician practices); the federal government can walk into your office and ask to see your policies and procedures at ANY TIME, even if NO complaints have been filed against you!!

>The breach notification policy states that if one patient's secured record has been breached, the patient must be notified, as well as the Federal Government. If more than 500 patients' secured records have been breached, you must notify the affected patients, the Federal Government and local news media!

>Also, update your Business Associate Agreements; your BA has several new policies they must implement to protect you!

Don't delay in updating or implementing your Privacy and Security Policies; the consequences greatly outweigh any costs!
