Being compliant with HIPAA Privacy and Security Rules can be a challenge for all organizations, regardless of size. However, smaller healthcare providers tend to have more issues. Budgets tend to be tighter, and a lack of suitable staff means progress is slow. This was clear from the results of the initial round of HHS compliance audits.
Regulatory entities such as the Department of Health and Human Services’ Office for Civil Rights (OCR), State Comptrollers, and Attorneys General review data breaches for HIPAA violations, and periodic audits are conducted to examine compliance.
The next round of OCR HIPAA compliance audits will review how well organizations have implemented the requirements laid down in the Privacy Rule, Security Rule and Breach Notification Rule. Healthcare organizations, health plans, healthcare clearinghouses – and Business Associates of the above – will have their compliance efforts thoroughly investigated.
The audits will be carried out on large healthcare providers, multiple hospital systems, and the nation’s largest health insurers; however, smaller healthcare suppliers will also be tested, and the same rules and penalties for non-compliance apply.
Small practices can be, and often are, fined if their compliance efforts have not reached the required standard of adherence. In 2012, the OCR sent a warning to small practices by issuing a non-compliance penalty to a small healthcare provider in Phoenix, which employed just 5 physicians. Phoenix Cardiac Surgery was forced to settle with the OCR for $100,000 after an internet-based clinical appointment calendar was found to be accessible to the general public.
Internet security organizations have realized smaller practices need help with their compliance efforts, and a wide range of compliance tools have been developed to make things easier for small practices. JDL HealthTech is one such company offering assistance for small dental practices.
The latest product to be released to the market by the HIPAA-compliant IT service provider is aimed at small dental practices, typically those with between 1 and 3 dentists. Its service, HIPAA Security Essentials for the Small Dental Practice, offers the necessary protections to keep data safe and achieve compliance with HIPAA Rules.
It adds a number of controls that are normally not used by small practices to secure data. According to JDL, the new service “provides holistic systems management for an enhanced client network protected by commercial-grade firewall, domain controller and wireless access point, enabling security not found in the residential products typically used by smaller dental offices.”
An intrusion prevention and detection security system, commercial-class email system, and numerous other measures are also included in the service.
Mark Mancini, vice president of technology and business development for JDL HealthTech, said of the new product, “HIPAA Security Essentials protects dental practices and their patient information from a wide range of security risks and vulnerabilities.” Mancini added, “In addition, HIPAA Security Essentials frees the smaller practice from the capital investments typically associated with achieving real security and compliance.”