Complying with all aspects of the HIPAA Rules can be a major challenge, especially for small and medium-sized healthcare organizations. Unsurprisingly, with the stakes high and compliance complicated, many organizations turn to compliance specialists to ensure every requirement is met and nothing slips through the net. The highly variable quality of those compliance services was one of the reasons Compliancy Group was formed.
Compliancy Group's initial aim was to create a total compliance solution that would ensure HIPAA-covered entities fulfilled their compliance obligations, protected patient privacy and kept patients' PHI secured at all times.
Compliancy Group developed an innovative HIPAA compliance software solution called The Guard™. The Guard™ is a user-centric, total HIPAA compliance solution for healthcare providers, health plans, healthcare clearinghouses and business associates of covered entities.
The Guard™ was developed by HIPAA experts to take the stress out of compliance and to guide covered entities through the maze of HIPAA regulations to ensure total compliance with all aspects of HIPAA Rules.
The Guard™ serves as an easy-to-access repository for all compliance documentation. Users have quick access to assessments on the status of compliance, with the steps that need to be taken clearly laid out.
Each client is assigned a coach to guide them through use of The Guard™ and to provide expert assistance on the steps that must be taken to comply with all aspects of the HIPAA Rules. Coaches are on hand to answer questions about specific aspects of the Rules and to help clients achieve, demonstrate, and maintain compliance in the short, medium and long term. Coaches check in with each organization weekly to keep it on track and to address gaps in its compliance program.
All healthcare employees are provided with web-based access to compliance documentation, ensuring all members of staff play a role in compliance and are aware of their obligations. Materials are organized to suit the needs of each practice, with documentation readily available should the Office for Civil Rights, state attorneys general or other regulators require access to HIPAA documentation.
Compliancy Group’s HIPAA compliance experts are on hand to assist covered entities with:
Risk Assessments and Internal Audits
Compliancy Group assists covered entities with risk analyses and assessments covering privacy, security, device management and technical, physical and administrative controls. Internal audits assess all controls against HIPAA privacy, security and breach notification standards and identify compliance gaps.
When compliance gaps are identified, Compliancy Group helps organizations develop and implement a remediation plan to close them, with the plan and its completion documented as evidence for auditors.
Development of Policies and Procedures
Compliancy Group helps covered entities develop and implement policies and procedures that meet HIPAA standards and match the unique needs of each practice.
Staff Compliance Training
The Guard™ includes staff training modules to ensure HIPAA policies and procedures are understood by all members of staff, including supplying documentation for employee attestation.
Documentation and Version Control
HIPAA requires organizations to document their policies, procedures and compliance activities and to retain that documentation for six years. The Guard™ stores it in an easy-to-access, secure repository with version control, so that superseded versions of policies are retained and can be produced on request, accessible via an easy-to-use GUI.
Management of Business Associates
Keeping track of business associates and ensuring HIPAA-compliant documentation exists for all vendors is made easy. Assistance is provided to ensure business associate agreements are obtained, with The Guard™ keeping track of all organizations that have been provided with access to PHI.
Data Breach Management
Data breaches are now a fact of life. When a breach occurs, it is essential that covered entities respond in a compliant manner. The Guard™ details the steps that must be followed, including providing the documentation for issuing notifications to patients and reporting incidents to the appropriate authorities within the time frames demanded by the HIPAA Breach Notification Rule: affected individuals must be notified without unreasonable delay and no later than 60 days after discovery, and breaches affecting 500 or more individuals must be reported to OCR within the same 60-day window, with smaller breaches logged and reported annually.
Compliancy Group’s HIPAA compliance software allows healthcare professionals to concentrate on running their practices, safe in the knowledge that protected health information is secured, HIPAA Rules are being followed and information is available to external auditors.
Many Compliancy Group clients have been audited by industry regulators, but no clients have failed a compliance audit.
Non-Compliance Increasingly Attracts Financial Penalties
The Department of Health and Human Services' Office for Civil Rights prefers to resolve compliance issues through voluntary compliance, technical assistance and corrective action plans; however, the past two years have seen a significant rise in financial penalties for non-compliance with the HIPAA Rules.
2016 saw a record number of settlements between OCR and covered entities to resolve HIPAA violations that contributed to data breaches. 12 settlements were reached and one Civil Monetary Penalty was issued, with $23,505,300 paid to OCR in 2016, an average of $1,808,100 per covered entity.
The outgoing OCR Director, Jocelyn Samuels, oversaw the increase in penalties, with the CMP against Lincare Inc., confirming the lengths OCR will go to ensure covered entities are held accountable for data breaches that could have been prevented. Samuels said, “This case shows that we will take the steps necessary, including litigation, to obtain adequate remedies for violations of the HIPAA Rules.”
The new OCR Director, Roger Severino, has made it clear that settlements and litigation can be expected when covered entities fail to abide by the HIPAA Rules. 2017 looks set to be another record year for HIPAA settlements.
By the end of May 2017, nine settlements had been reached with covered entities, including one of the largest HIPAA penalties to date: $5.5 million paid by Memorial Healthcare System. The settlements reached up to May 2017 total $14,593,000, an average penalty of $1,621,444 per covered entity.
With OCR's budget expected to be cut next year, it is possible that enforcement penalties will be used to offset some of the shortfall, in which case more settlements for non-compliance can be expected.
OCR investigates every reported breach affecting 500 or more individuals, and with healthcare organizations facing a higher risk of data breaches than ever before, full compliance with the HIPAA Rules has never been more important.