in HIPAA Headlines by John Brewer

Most physicians look at HIPAA in the wrong way.

The wrong way is to take HIPAA as the “dang government requirement” that “nobody understands”.

A couple of things about this:

  1. When you make the choice to take money from the government (Medicaid/Medicare or EHR reimbursement money), whether you like it or not, you also make the decision to live with the “crazy” regulations that come from our government…
  2. Most HIPAA requirements actually make good business sense…

The sooner you view HIPAA as a risk reduction process for you and your practice, the better off you will be.

Let’s take for example this situation at Phoenix Cardiac Surgery, P.C. in Arizona.

Where this office screwed up: they put their scheduling calendar on the internet without password protection.

I’m sure someone thought this was a great idea, but as they obviously lacked proper HIPAA training, they didn’t realize this is bad.

Here are a few quotes from the investigation:

“The investigation found that the practice had few policies and procedures to comply with the privacy and security rules.

…it highlights a multi-year, continuing failure on the part of this provider to comply with the requirements of the Privacy and Security Rules.”

“the practice did not implement adequate policies and procedures, document employee training, identify a security officer, conduct a risk analysis, or obtain business associate contracts with Internet-based email and calendar services”


Oh, and don’t forget the $100,000 fine, which quite frankly is tiny compared to what it could have been.

So, listen up doctors, practice managers…anyone at a practice…it is time to get your act together. Get compliant now, while you don’t also have huge fines to deal with PLUS the CMS breathing down your neck…for years to follow.


One thought on “HIPAA Hammer Coming Down”
  1. Tami says:

    We have a client who is a doctor and refuses to become HIPAA compliant, no training, no policies/forms, their prime services isn’t even set up right as anyone can go in and make changes. My husband has been their IT guy for years and for the last two years we have been trying to get them HIPAA Compliant. We have just informed them that we will no longer do any services for them as long as they are NOT HIPAA compliant or make no effort. This doctor has many locations all over Michigan and none of the offices are even close to HIPAA Compliant nor do they practice HIPAA. I can’t wait to see more audits happen so these doctors see HIPAA is no joke.
