HIPAA has been the elephant in the room that no one really wants to talk about. When HIPAA was first enacted, audits and fines were rare. However, with the government outsourcing audits, HIPAA violations have undergone much more scrutiny with ever-increasing fines for violators.
Grant Helferich, Omni’s Director of Client Performance and Training, recently attended a seminar on continued HIPAA compliance. As you can see in his picture above, he takes HIPAA very seriously! He provides a few simple tips for staying HIPAA compliant in the following Q & A session:
First of all, what is HIPAA?
HIPAA is short for the Health Insurance and Portability Act of 1996, passed by Congress to set standards for providing privacy and protection to patients’ personal health information. Any service that deals with protected health information (PHI) must ensure that there are security measures and protocols in place to prevent a breach.
Why is everyone up in arms about HIPAA all of a sudden?
Part of the reason is increased audits from Medicare. When they’re doing audits, they’re finding a lot of HIPAA violations, and recovery of funds and fines has made it more affordable to investigate HIPAA violations. The increased returns allow them to hire more agents and consultants to go out and do more audits. Some of it also has to do with cyber security, and with most people’s information getting out there, they’re wanting to prevent leaks by making sure people are using proper techniques and processes for securing the data.
What is the biggest change in HIPAA that you discovered during this seminar?
I don’t know if there are any changes. It’s just in the enforcement; they look at things under more of a microscope. They’re pushing more on doing a risk analysis, so you should do a risk analysis every year for potential violations or ways to prevent breaches in your agency.
What is the single most important thing a service should be doing to improve their HIPAA compliance?
Make sure you have a HIPAA compliance policy on file that is current. Make sure your staff is receiving regular training on HIPAA compliance rules and regulations, as well as your compliance plan.
What if there is an accidental breach of HIPAA? What should we do next?
Inform your HIPAA compliance officer. The HIPAA compliance officer needs to notify anyone whose information was potentially exposed, file with the Secretary of Health & Human Services, and develop a plan to make sure the exposure is not repeated and add it to their HIPAA compliance policy. For more information on the exact procedure for breach notification, please visit the following link: Breach Notification Rule.
Some takeaway points:
- Don’t leave documents with PHI lying around out in the open
- Make sure the doors and file cabinets are locked
- If your crews carry cell phones, make sure you have a cell phone policy, especially on taking pictures on the scenes.
- Make sure you use encrypted email or fax machines when sending patient information, runs or face sheets to relevant business associates. For example, Omni uses a HIPAA compliant encrypted FTP server to share any documents containing sensitive information with our clients.
- Understand that sitting around a coffee table and talking about your calls all day may be a HIPAA violation, because if your partner doesn’t need to know that information, you shouldn’t be telling them. While there are some allowances for training purposes, just saying something like “we ran Fred Smith on a shooting” should never happen.
Grant Helferich is employed as the Director of Client Performance and Training with Omni EMS Billing in Wichita, Kansas. He is a former member of the KEMSA Board and has also served as the treasurer and president of the KEMSA Administrator’s Society. He was certified as an EMT, EMT-I, M.I.C.T., and T.O. II. Grant has worked in EMS for over 35 years in roles such as an EMT, EMT-I, M.I.C.T., Field Supervisor, Flight Paramedic, Cardiovascular Specialist, Assistant Director, and Director of EMS.