Thursday, July 21, 2011

HIPAA Regulations and New Technology: HIPAA, HITECH, and Electronic Compliance

HIPAA and HITECH violations are on the rise, and as more and more technology pushes medical records into the realm of EHRs and cloud storage, things will not likely improve. Why exactly is this happening? Sarah E. Swank has a few ideas (free registration required to view article):
In the old paper world before HIPAA, people often guarded patient medical records with good old-fashioned common sense…Our HIPAA policies are stale and our workforce members receive training often created with a focus on paper medical records. In addition, the technology has not caught up with expectations of electronic health record systems to audit access in real time.
It has been said, time and time again, that HIPAA is behind the times when it comes to new forms of communication. This has been most evident in the realms of social media, where companies and facilities are forced to choose between posting what they think is OK while hoping to dodge the compliance axe, or ignoring the platform altogether. So what can medical organizations do to keep their information secure while HIPAA catches up?

Swank lists seven strategies in her article on;
  1. Conduct Regular and Routine Audits
  2. Review Incident Reporting Procedures
  3. Conduct Timely and Complete Investigations
  4. Review and Update Policies and Procedures
  5. Reevaluate Training
  6. Rethink Discipline Determination
  7. Mitigation
What these strategies boil down to is essentially this: Change, Vigilance, and Consistency. Organizations must step up to develop methods of tracking and protecting data in an electronic environment, which can be a complex and daunting task for a group used to handling paper records. HIPAA may have been old hat a few years ago, but we are all back in unfamiliar territory, and it is necessary to give your compliance strategies a second look.


Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at

No comments:

Post a Comment