Spring 2016: Volume 72, Number 1
Some WSPA members may remember in past (a much better word than “old,” right?) WP articles I have awarded an “alert member” award to those WSPA members who have contacted me with new clinical practice/insurance/payment problems that I am then able to pass along to all members. It’s really quite an honor.
The latest alert member award goes to several psychologists who contacted me about ads they recently received for “New Required HIPAA training programs.” Their questions include: are there new HIPAA regulations; and are these training programs really required? The answer, as always, goes a bit beyond yes or no. No, there are no “new” HIPAA regulations. (Editorial comment: Congress passes all HIPAA regulations. Congress does meet, but doesn’t really pass any new laws, right?) But, no, that is not the entire picture and some members may need to take one of these seminars.
The Office of Civil Rights (OCR) within Health & Human Services (HHS) regulates compliance with HIPAA regulations. OCR is moving to a second phase of auditing health provider & facility compliance with the HIPAA rules. This phase of audits will cover both “covered entities” (providers & facilities) and business associates (if you don’t know what a business associate is, you need to take a course) who are now regulated directly by HIPAA not “through” contracts with us, as had initially been the case.
We must remember that HIPAA requires us to conduct Security Rule risk assessments on an annual basis. We must document that we do this, and how we have created (newly licensed providers) or updated (the rest of us) our plans to keep PHI (if you don’t know what this is you need to take one of these training programs) secure and how you will respond to a security breach. This includes regular training of office staff with access to PHI.
If you took my recent Practice Checkup CE in Seattle or Spokane, consider yourself updated. If you have not or have no idea what I am talking about, take a course. Please remember that there are financial consequences for not responding to a security breach in your practice, and the penalties increase if OCR can demonstrate that you have paid little attention to updating your security processes.
WSPA will be offering a HIPAA update webinar in the not too distant future. Check our website for announcements.