Achieving compliance with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size; however, smaller healthcare providers tend to have more problems. Budgets tend to be more restrictive, and a lack of suitable staff means progress is slow. This was clear from the results of the pilot round of HHS compliance audits.
Regulatory bodies such as the Department of Health and Human Services’ Office for Civil Rights (OCR), State Comptrollers, and Attorneys General investigate data breaches for HIPAA violations, and periodic audits are conducted to assess compliance.
The next round of OCR HIPAA compliance audits will assess how well organizations have implemented the requirements laid down in the Privacy Rule, Security Rule and Breach Notification Rule. Healthcare organizations, health plans, healthcare clearinghouses – and Business Associates of the above – will have their compliance efforts put to the test.
The audits will be conducted on large healthcare providers, multiple hospital systems, and the nation’s largest health insurers; however, smaller healthcare providers will also be tested, and the same rules and penalties for non-compliance apply.
Small practices can be, and are being, fined if their compliance efforts have not reached the required standard. In 2012, the OCR sent a message to small practices by issuing a non-compliance penalty to a small healthcare provider in Phoenix, which employed just 5 physicians. Phoenix Cardiac Surgery was forced to settle with the OCR for $100,000 after an internet-based clinical appointment calendar was found to be accessible to the public.
New HIPAA-Compliance Tool Released for Small Dental Practices
Internet security companies have realized smaller practices need help with their compliance efforts, and a wide range of compliance tools have been developed to ease the burden on small practices. JDL HealthTech is one such company offering assistance for small practices.
The latest product to be released by the HIPAA-compliant IT service provider is aimed at small dental practices: those typically employing between 1 and 3 dentists. Its service, HIPAA Security Essentials for the Small Dental Practice, offers the necessary protections to keep data secure and achieve compliance with HIPAA Rules.
It adds a number of controls that are typically not used by small practices to secure data. According to JDL, the new service “provides holistic systems management for an enhanced client network protected by commercial-grade firewall, domain controller and wireless access point, enabling security not found in the residential products typically used by smaller dental offices.”
An intrusion prevention and detection system, commercial-class email system, and numerous other protections are also included in the service.
According to Mark Mancini, vice president of technology and business development for JDL HealthTech, “HIPAA Security Essentials protects dental practices and their patient information from a wide range of security risks and vulnerabilities.” Mancini went on to say, “In addition, HIPAA Security Essentials frees the smaller practice from the capital investments typically associated with achieving real security and compliance.”