10 Best Practices to Keep Medical Staff HIPAA Compliant

Complying with HIPAA can be unnerving for medical providers, especially when failure to comply leads to fines of up to $50,000 or more per violation.
According to HHS' Office of Civil Rights (OCR), private practices are the covered entities most often required to take corrective action to enforce HIPAA.

Hospitals, outpatient facilities, health plans and pharmacies are the next most frequently required to take corrective action. OCR has resolved around 23,805 HIPAA violation cases since 2003 through corrective actions, technical assistance and changes to privacy practices.

We have compiled a list of 10 best practices to keep your medical practice HIPAA compliant:

  • Train your staff to handle protected health information (PHI) appropriately.
  • Designate a HIPAA champion to emphasize security standards and educate staff members.
  • Assign different staff different security levels. This prevents people from inadvertently viewing data outside the scope of their work.
  • Know when you can and cannot disclose PHI. Many providers take an overly cautious approach to HIPAA, treating it as a code of silence even with family members.
  • Remind your medical staff not to access patient records unless it is necessary for their work or they have the patient's written permission.
  • Secure electronic data with authentication, encryption and passwords, as required.
  • Use two-step verification, for instance a fingerprint or mobile phone verification, or a password plus voice recognition.
  • Always remember to close computer programs before moving on to another task. Practice management systems that time out automatically after a set period of inactivity help immensely.
  • Store paper files containing PHI in locked cabinets, use a cover sheet when faxing and shred them when disposing of them.
  • Select a HIPAA-compliant cloud server for your data security needs. According to Government Health IT, the cloud is in many cases safer than client servers for patient records.

Keeping the above points in mind can help you handle patient data effectively. If you outsource your coding and billing, make sure your coding and billing partner is HIPAA compliant.