The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting patients' sensitive health data, and every organization that handles this information must comply with it. HIPAA is a federal law whose Privacy Rule and Security Rule protect individuals and their personal health information.
Many people associate this law only with hospitals, but it also reaches small businesses. HIPAA applies to covered entities (health plans, health care clearinghouses, and providers that transmit health information electronically) and to their business associates, meaning any vendor or contractor that creates, receives, maintains, or transmits protected health information on a covered entity's behalf. Does your business maintain, process, store, or even touch protected health information for one of these organizations? If the answer is yes, then it must be HIPAA compliant.
Does Your Business Need to Be HIPAA Compliant?
If your business touches or talks about any protected health information, or PHI, it must comply with HIPAA and its rules. PHI includes identifiers such as a patient's name, birthdate, and Social Security number, as well as discussions of care or treatment and anything a health care provider puts into a medical record.
Some companies assume that if they don't keep electronic health records, the privacy requirements don't apply to them, but they do. The Privacy Rule covers PHI in every form, including paper records and spoken conversations; the Security Rule adds specific safeguards for PHI that is stored or transmitted electronically.
Small business owners need to ensure that anyone with access to employees' health information understands what counts as PHI and that it is protected at all times. Information collected through a group health plan, wellness program, or flexible spending account is typically PHI; records from physicals, workers' compensation claims, or workplace injuries may be as well, depending on who holds them, and should be handled with the same care.
On the black market, PHI is worth real money, and losing it can cost your business real money too. Industry breach-cost estimates put the cost to the breached organization at more than $300 per patient record; multiply that by the number of records a practice or its vendors hold, and the total adds up very quickly. That is exactly what makes this data valuable to a thief and why it is so important to protect it.
The Three Rules of HIPAA
There are three HIPAA rules that anyone with access to PHI must adhere to: the Security Rule, the Privacy Rule, and the Breach Notification Rule.
The Security Rule protects electronic PHI both in transit and in storage. It requires administrative, physical, and technical safeguards and applies to every covered entity and business associate, and to every system, that handles this information.
The Privacy Rule governs how PHI may be used and disclosed, in any form, and requires safeguards that protect the patient's privacy.
The Breach Notification Rule requires that affected patients be notified when their PHI is breached. It also requires notification to the Department of Health and Human Services, and a notice to prominent media outlets when a breach affects more than 500 residents of a state or jurisdiction. No one wants their business on the 5 o'clock news for a data breach. Access to people's sensitive information is no joke, and that information must be protected accordingly.
No business is too small to worry about HIPAA compliance, and it's important that you and your employees know what needs to be protected. Your company must have a system in place to keep that data safe. Make sure appropriate security measures are in place for every part of your business that stores or handles sensitive information, including emails, documents, scans, forms, and the underlying data itself. Need reliable protection for your data that keeps you up to date with these guidelines? With Layer One Network's data security services, you get reliable protection and consistency so you can focus on your business. Learn more.