PIMSY behavioral health EHR shares HIPAA misinformation - and facts

HIPAA Misinformation

by Donna Koger, 2.11.17

The Plain HIPAA Facts

How do you know what is true and what is false in the HIPAA world? Many people have been confused by HIPAA information that could interfere with their full compliance. Here are five examples of compliance misinformation:

1. Over & Out

Compliance isn’t something you can partially or fully complete and then rest on your laurels. The HIPAA documentation and procedures you have defined must be reviewed and adjusted each year so that your ongoing compliance remains intact.

Another fact: according to HIPAAtrek, YOU MUST know your company’s procedures. If your business has established processes and procedures, everyone in your company must have up-to-date HIPAA knowledge appropriate for their role.

2. Only Providers Need To Be Compliant

Ever heard of a Business Associate? What about the companies you do business with – are THEY compliant? Anyone who accesses your client data, such as your EMR software support, labs, etc., must also have the required documentation, procedures and processes in place in order to be HIPAA compliant.

Providers (Covered Entities / CEs) should obtain documentation from their Business Associates proclaiming their HIPAA compliance. If you need a Business Associate statement from the PIMSY folks, get in touch with us and we will be glad to send our HIPAA compliance documentation.

3. Hey You!

What if someone calls out a client’s name in the reception room or another public area? What about a sign-in sheet available to anyone? Well, rest assured, these are both acceptable in the HIPAA world, as are client names on hospital or nursing home doors, as long as the information goes no further than a name, an appointment time, or other details that do not disclose additional PHI.

4. Auths or No Auths?

When you share information with other health care providers who are important to the care of your client, it is considered HIPAA compliant. According to HIPAAtrek, sharing protected health information with an outside company that is acting on your behalf is not a violation.

5. Only OCR?

Several agencies can act on reports of businesses that are not HIPAA compliant and enforce compliance rules and regulations. In general, these are:
a. Office for Civil Rights (OCR)
b. Department of Justice (DOJ)
c. State agencies
d. State attorneys general
e. Federal Trade Commission (FTC)

For more information on compliance, please visit here.

Donna Koger

Donna Koger is the HIPAA & Security Compliance Officer at PIMSY EHR. For more electronic solutions for your agency, see Mental Health Practice Management.

Author: pehradmin