What You Need to Know About HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, was developed with the goal of protecting sensitive and identifiable personal health information (PHI). HIPAA (1996) comprises the Privacy Rule, the Security Rule, and the Breach Notification Rule. Under the Privacy Rule, entities that work with personal health information, such as healthcare providers and medical billing companies, are required by law to protect PHI. The Privacy Rule also sets limits on how this PHI may be used (HIPAA, 1996). With the advent of technology and electronic means for storing PHI came the Security Rule, which mandates standards for securing electronic personal health information (ePHI). If a breach should occur, the law currently mandates that it be reported to the Secretary of Health and Human Services (HHS).

While HIPAA is complicated and continuously updated with the changing times, it is absolutely crucial for healthcare providers and their employees to be knowledgeable about the law. Some ways to ensure that HIPAA compliance is being maintained in your office are:

  • Notice posting: HIPAA requires that notices be easily accessible to patients and that these are posted in the office, provided at the time of arrival, and available on the provider’s website (Miller, 2017). Ensure that all members of your front office staff provide every patient with a copy of the HIPAA notice upon arrival at the office. Display a HIPAA notice in a location in the office that is easily accessible and legible for patients.
  • Staff training: Regardless of whether staff members are just starting out or are long-time employees, it is essential that all of them are knowledgeable and current on HIPAA compliance rules and regulations. Regular training is optimal for office staff.
  • Assess/analyze: Perform yearly assessments or audits to determine whether HIPAA compliance is being maintained in your office and whether all ePHI is being handled in the appropriate and legal manner (Miller, 2017).

Today’s healthcare is continuously becoming electronically based, with the need for paper medical records falling by the wayside. Under the Security Rule, providers are required to ensure protection of vulnerable ePHI. This extends not only to the provider office, but also to any entity that deals with ePHI, such as clearinghouses, medical billing companies, and health plans. Numerous electronic health record (EHR) systems exist that allow for better HIPAA compliance. Our team highly recommends finding a HIPAA compliant EHR that works for your personal needs as a provider.

As a provider, you also need to partner with a medical billing company that values the importance of HIPAA. At MedPro Services, all documents we transmit, maintain, and create with our clients are stored on a secure, off-site storage server. In our office, all of our staff are educated and knowledgeable on current HIPAA practices and continuously strive to maintain compliance in our office. When possible, we inform our providers of potential security breaches and areas of possible improvement to better preserve HIPAA compliance. Our practice management system, Healthpac, is…..

HIPAA violations are no joke and no small matter. Violators may be fined up to $1.5 million and may face up to 10 years in prison (AMA). To avoid consequences such as these, it is important to work with your staff and to ensure that you are working with a medical billing company that values security and compliance.


American Medical Association (AMA). (n.d.). HIPAA violations & enforcement. American Medical Association. Retrieved from https://www.ama-assn.org/practice-management/hipaa-violations-enforcement

Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 (1996).

Miller, S. (2017, July). Troubleshoot HIPAA vulnerabilities with risk analysis and assessment. Healthcare Business Monthly, 44.
