Privacy and Security laws and regulations in the health care landscape seem to shift like the proverbial sands. In the last few years, the health care industry has witnessed a host of increased restrictions and some completely new concepts in the context of HIPAA and the HITECH Act (part of the American Reinvestment and Recovery Act of 2009).
HIPAA/HITECH laws and regulations apply equally to all medical providers, large or small. Some of those regulations even apply to businesses who act as “business associates”, even when those businesses never see or contact the patient. And some of the regulations can seem oppressive and nearly impossible with which to comply.
To make the matter even more pressing, in November of 2011, the Department of Health and Human Services Office for Civil Rights (OCR – the entity charged with enforcing HIPAA/HITECH rules) began systematic audits of select medical providers around the country. These audits review the provider’s compliance with HIPAA on a global level, with some focused inquiry into areas chosen by OCR for closer scrutiny (e.g., technology security and training of personnel).
If your medical practice or business hasn’t updated your policies and procedures for HIPAA recently, or if you have been the target of an OCR investigation or patient privacy complaint, we may be able to help. Contact our office to schedule a free consultation.