Aug 15, 2022 | Live Compliance, Partner
HIPAA Training Standards Every Business Associate Needs to Know
Per the HIPAA Privacy Rule and HIPAA Security Rule, both Covered Entities and Business Associates, must require HIPAA training for all workforce members that access protected health information (PHI) or electronically protected health information (e-PHI) in any of its forms and should be provided “as necessary and appropriate for the members of the workforce to carry out their functions within the [organization].”
According to the Rule, training must be provided “to each new member of the workforce within a reasonable period of time after the person joins the [organization’s] workforce.” Along with all other annual compliance requirements, HIPAA training is arguably the most important. Your workforce members are your first line of defense in the event of a Breach and must be able to identify your organization’s designated HIPAA Security Officer, and have a firm understanding of the HIPAA Privacy and Security Rule. Training should also highlight the organization’s Technical, Administrative, and Physical Safeguard objective security requirements. It is best practice to provide ongoing security awareness training and, in addition to the mandatory annual training, the Privacy Rule also highlights what’s known as “periodic” training. The goal is to ensure workforce members’ knowledge of HIPAA compliance is not forgotten.
It’s advisable that HIPAA training is given to all employees as new hires during the new employee orientation period, and before new employees are exposed to or work with individually identifiable health information. This includes officers, agents, employees, temporary employees; like students, interns, volunteers, and salespeople. At a minimum, training should cover the basics of HIPAA, the basics of privacy and security requirements and restrictions, and policies and procedures. All new hires need to be provided HIPAA training and a post-test on the material covered within the training course to ensure comprehension of relevant and appropriate HIPAA policies and procedures. Security Officers should be trained on the Breach Notification Rule, Minimum Necessary Rule, and the Organization’s policies and procedures.
The HIPAA Privacy Rule states that “An [organization] must document that the training as described [in the HIPAA Text] has been provided.” Failing to do so will be seen as “willful neglect” and will result in HIPAA violations including monetary penalties as high as $1.5 million dollars. A minor violation may only result in a corrective action plan requirement, whereas a significant data breach attributable to a lack of training will be viewed more seriously.
At Live Compliance, we make checking off your compliance requirements extremely simple.
- Completely online, our role-based courses make training easy for remote or in-office employees.
- Short informative video training to meet periodic training requirements
- Depending on the size of your organization training may start as low as $79
Call us at (980) 999-1585 or visit us online at www.LiveCompliance.com/ezclaim
EZClaim is a leading medical billing, scheduling, and payment software provider that combines a best-in-class product with exceptional service and support. For more information, schedule a consultation today, email our experts, or call at 877.650.0904.
Nov 10, 2020 | Administrative Safeguards, Cloud Security, EZClaim Cloud, HIPAA, Live Compliance, Medical Billing Software Blog, Partner
As 2020 comes to an end, the last thing on anyone’s mind is what operating system is installed on their computers. However, many are unaware that Windows 7 end of life happened over 10 months ago, and according to Microsoft, “If you are still using Windows 7, your PC may become more vulnerable to security risks.”
When an operating system reaches the end of its lifecycle, servicing and support is no longer available for the product. This means, Microsoft no longer releases important security updates or technical support for any issues! In addition to that, the antivirus software, “Microsoft Security Essentials,” is also unavailable, and they are warning that, “Windows 7 users will be at greater risk for viruses and malware.”
As a result, possibilities of exploitation of private and sensitive data and information is increased, which makes it even more easily accessible to lurking hackers. The Windows 10 update is a safer solution for the common user, but there are still some steps that both Covered Entities and Business Associates should take in order to remain in compliance with privacy settings and HIPAA Rules and Regulations after making the upgrade.
One of EZClaim’s partners, Live Compliance, is an expert in determining compliance, and have offered to help. In addition to upgrading your machine to the latest version, the Live Compliance team of HIPAA and HITECH experts will also ensure that your computer meets all other important compliance requirements, and is safe from other common vulnerabilities.
So, if you have questions regarding your organization’s compliance, Windows 7 end of life, or even assistance in setting up Windows 10, contact Live Compliance at 980.999.1585, or e-mail Jim Johnson.
[ Article contributed by Jim Johnson of Live Compliance ]
EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at email@example.com, or call a representative today at 877.650.0904.
Oct 13, 2020 | HIPAA, Live Compliance, Medical Billing Software Blog, Partner
New HIPAA compliance requirements are coming!
In an effort to make the HIPAA Privacy Rule as easy to understand as possible, the Office for Civil Rights (OCR) has come up with a list of rules that clearly explain what Business Associates are now “directly liable” for. As OCR Director Roger Severino explains, “We want to make it as easy as possible for regulated entities to understand, and comply with, their obligations under the law.” The list consists of ten rules that, if failed to follow, can result in penalties and monetary fines.
[ Note: Check out our previous post to access this list ].
As we enter the fourth quarter of the year, you may be wondering what immediate requirements should a Business Associate complete before the end of the year?
One of the most important rules also includes information about Business Associates, and their need for proof of satisfactory assurance when the covered entity requests this of them. Satisfactory assurance is crucial, because it ensures the Business Associate is HIPAA compliant, and therefore, must also be in the form of a contract.
The Satisfactory Assurance contract is oftentimes outlined in the form of a questionnaire, and requires the Business Associate to disclose the date of completion for various compliance requirements.
These include distribution and completion of workforce HIPAA training, implementation and distribution of policies and procedures, Business Associate documentation, and completion of an annual HIPAA Security Risk Assessment.
Are You Prepared?:
If a Covered Entity requests this proof from your organization, would you be able to successfully complete it without outdated completion?
If you are uncertain that your organization would be able to easily and efficiently provide that documentation, you may be facing thousands of dollars in fines for each vulnerability!
HIPAA Compliance Myths:
False: The security risk analysis is optional for small providers: All providers who are “Covered Entities” under HIPAA are required to perform a risk analysis. In addition, all providers who want to receive MU, and MIPS incentive payments must conduct a risk analysis.
False: Our office uses the Cloud, so we don’t need a risk assessment: Even if you have a fully HIPAA compliant cloud vendor, your patient data (ePHI and PII) still must go through all your systems to get to the cloud. So, you are still required to perform technical, administrative, and physical security risk analyses.
False: Our EHR makes us compliant, so we’re fine: While your EHR may provide excellent privacy and security features, it definitely doesn’t exempt you from the HIPAA security requirements.
Live Compliance helps their clients meet the ever changing and complex HIPAA State and Federal regulations. They protect the information they are entrusted with, and ensure their clients pass any Health and Human Services audits. If you are unsure or need assistance, call Jim Johnson with Live Compliance at (980) 999-1585.
Live Compliance is a partner of EZClaim, a medical billing software company. For more details about their solutions, visit their website at ezclaim.com.