When we say this podcast is all about the Health Insurance Portability and Accountability Act (HIPAA), we don’t expect anyone to get super excited. But if it’s been a while since you thought about your practice’s HIPAA compliance, or if you’ve never had a plan in place at all, this podcast could not be coming at a better time for you. Matt DiBlasi is the president and co-founder of Abyde, a stress-free HIPAA compliance solution that takes the burden of staff training and developing compliance protocols off of doctors. “A lot of times HIPAA is treated like a four-letter word instead of a five-letter acronym,” DiBlasi jokes. “It doesn’t have to be.”
DiBlasi shares that Abyde was founded on the principle that HIPAA compliance programs should be easy for doctors to implement, not difficult or burdensome. “We’re all patients somewhere,” he explains. HIPAA, in principle, is a way for doctors to protect both their patients and their practices. Securing sensitive data is an ethical and moral obligation at the core of serving patients well.
What happens if your HIPAA compliance plan is nonexistent? You are leaving yourself at considerable risk from a random audit, or from an investigation following a patient or staff member complaint. An investigation can begin in different ways:
- Proactive audit: “There is no such thing as the HIPAA police, but it is possible, though rare, to get proactively audited by the government,” DiBlasi states. Audits and HIPAA fines are on the rise across the country. In fact, 73% of all financial HIPAA settlements have been in the last four years.
- Data breach: “If you have a data breach, you are under obligation to report it,” DiBlasi explains. If enough patients are affected (under the Breach Notification Rule, more than 500 residents of a state or jurisdiction), you also have to notify prominent media outlets. Your office needs policies and legal protections in place before that day comes. “If your data is breached, how do you prove that you were doing everything in your power to protect patient information before this happened?”
Documenting a “culture of compliance” is essential for protecting your practice from hefty fines that could put a doctor out of business entirely. On the small side, DiBlasi has seen a $10,000 fine levied against a dental practice for inappropriately responding to online reviews. The largest HIPAA fine in history was $16 million.
Online reviews are one of the biggest areas of risk for small, independent practices. Whenever you respond to an online review, make sure you never acknowledge the person who left it as a patient. Even confirming that someone was seen in your office counts as protected health information under the law. While this may seem extreme for an optometry office, consider a psychiatrist publicly announcing that a person was under their care: the implications there are clearly sensitive, and the same rules apply to every medical specialty. So how do you respond to a bad review? Keep it generic and take the conversation offline: “We appreciate your feedback. Please contact our office at XXX-XXXX so that we can help resolve any concerns.”
“HIPAA compliance is not a check box that you deal with once, and then you’re done,” DiBlasi explains. Staying in compliance requires ongoing education and staff training programs. Abyde is more than software; it’s a full-suite HIPAA compliance program that keeps your practice protected. The service includes personal consultation, an office risk analysis to identify vulnerabilities in your practice, and ongoing staff training to make sure your practice is continually safeguarded. The goal is that practice owners will never stress about HIPAA again.