The EHR vendor Practice Fusion was charged with illegally disclosing consumers' PHI (protected health information). The company did not clearly explain to its consumers how their PHI would be distributed, maintained, and protected.
To an outside observer, the problem is easy to spot.
Practice Fusion has been a popular name among healthcare entities and institutions because of its electronic health record platform. The company planned to post consumers' reviews of their doctors publicly. Whatever the intention, this is a real example of a patient privacy breach.
Long story short, Practice Fusion representatives contacted consumers by email. Respondents filled in a survey form with questions about their medical experiences, which asked for personal information including names, phone numbers, and medical history.
Here is the problem. Practice Fusion allegedly misled clients into believing that the information would be delivered to their doctors, while in fact Practice Fusion used the opportunity for its own benefit.
A company should not make misleading statements about the privacy or confidentiality of the information it gathers from patients and consumers. Over this misleading information, the FTC reached a settlement with the company. Practice Fusion is required to give patients a clear understanding of how it will use their information. It is also important to note that patients must give their consent before proceeding.
No one should play around with customers' data for their own benefit. There has always been risk in letting the EHR industry handle clients' medical information. Third parties often mislead professionals, doctors, and consumers about how health data is used.
The Importance Of EHR Compliance
It is important to understand that electronic health records (EHRs) are not off the table: they come with far more advantages than disadvantages.
Many entities have seen the importance of EHRs on their premises, so converting paper medical records to EHRs is a sensible move. It is therefore important for the professionals and persons in charge to be wise and assertive in choosing the right EHR platform for their health entities. The right EHR brings benefits to the management of important data.
HIPAA rules apply to both paper charts and EHRs. So, when migrating paper charts to an EHR platform, you must follow the HIPAA rules for keeping patient privacy safe.
The thing is that not all EHR platforms comply with the HIPAA privacy rules. There have been many cases of security breaches in EHRs. Not all platforms are made equal: depending on the level of protection they offer, the data may be exposed to vulnerabilities. Choosing the right EHR system is highly important for all health entities.
How do you become HIPAA compliant? You may have questions like this when you see a company like Practice Fusion charged with violating the HIPAA rules.
There is no secret sauce. There is only transparency. HIPAA compliance comes from a systematic approach.
If you work in an entity covered by the HIPAA rules, then you have to be compliant at all costs. If you are the person in charge, you will need to carry out audits and updates to improve the quality of your HIPAA compliance.
There is a HIPAA compliance checklist you should understand before proceeding. You can use it to check the progress of your premises; it is a useful tool for self-evaluation. It is a good idea to audit early so that you identify room for improvement sooner. These are the issues that you and your team will need to address properly: security, privacy, administrative deficiencies, and any other issues. Here is a checklist you could consider:
- Have you created remediation plans to identify room for improvement?
- Have you written policies and procedures that comply with HIPAA?
- Have you encouraged all your staff to understand and practice the policies and procedures?
- Have all staff members understood the HIPAA policies and procedures?
- Do you have solid proof that you have distributed the rules to your staff members? In what form?
- Have you documented the annual reviews of the HIPAA policies and procedures? If not, how will you do it?
- Training in basic HIPAA compliance is important. Have you conducted it for your staff members and yourself?
- Have all your employees understood the HIPAA basics through formal HIPAA training?
- Have you documented the HIPAA training conducted for your staff members?
- Do HIPAA rules apply to all of your business associates?
- Do all business associates have dealings with ePHI? At what levels?
- Are you working with business associates who comply with the HIPAA rules? Do you have the authority to check on them?
- Are you performing due diligence on your business associates? Do you have documents that back up your due diligence?
- Do you have the resources to troubleshoot cyber breaches and other related security problems?
- Do you have measures in place for managing PHI security?
- How do you document the investigation of problems?
- Are you able to manage reports on breaches and incidents, whatever their scale?
- Do your staff members have the ability to report an incident anonymously?
The checklist can grow or shrink depending on how much work you have already put into your HIPAA compliance checks. Remember to check every corner of your organization to see whether there is any room for improvement.
The key to a successful checklist is to get through all of the documentation. That means you will have to maintain proper documentation of your audits, policies, training, breaches, investigations, procedures, and everything else. You will see the benefits of documenting all of it: the less you miss, the more compliant with HIPAA you will be.