As data breaches seemingly happen more often, it is vital to remain on top of the latest revisions and rules mandated by HIPAA and of how HIPAA defines a data breach. One way to do this is to designate a person responsible for training and for remaining on top of HIPAA compliance policies and procedures. It is imperative that staff remain cognizant that they are not permitted to share health data via social media or through a text message, nor are they allowed to access electronic patient health information (ePHI) just because they’re curious. A thorough risk assessment can be extremely beneficial.
An effective way to avoid a data breach is knowing what constitutes one. While the aforementioned unauthorized disclosure or use of ePHI is a prime example, there are a few exceptions worth being aware of. For example, a HIPAA-compliant organization may have had someone access the ePHI “in good faith” on its behalf. Knowing these exceptions, or having someone on staff who is knowledgeable about them, can be a crucial factor in avoiding millions of dollars in potential fines due to a HIPAA violation.
This update is by Medical Accounts Systems, a full-service healthcare revenue cycle management company providing a number of services including insurance follow-up and managed care disputes, physician reimbursement, extended business office services, and more. For additional information on our services or for any questions you may have on topics such as medical payment systems, please call 877-759-6315.