4 HIPAA Compliance Precautions Your Physical Therapy Practice Needs to Take
If your practice is handling protected health information (PHI) and you have decided to be HIPAA compliant, there are some steps you should take.
The truth is, HIPAA compliance is a great way to protect the privacy and security of protected health information (PHI). However, this type of compliance is not simple, and there are certain precautions and rules you need to work through.
Speaking of rules, these are the four main ones that you need to be aware of:
HIPAA Privacy Rule
HIPAA Security Rule
HIPAA Enforcement Rule
HIPAA Breach Notification Rule
Each of these rules should be followed in specific situations. For action items, for example, you should follow the HIPAA Privacy Rule and the HIPAA Security Rule.
The HIPAA Security Rule is made up of three parts: technical safeguards, physical safeguards and administrative safeguards. Each includes implementation specifications marked as “required” or “addressable”. The required ones must be implemented, and the addressable ones must be implemented if it is reasonable and appropriate to do so.
The technical safeguards include access control, audit controls, integrity, authentication and transmission security. All of these are rules for tracking user identity and implementing certain electronic procedures.
The physical safeguards, on the other hand, are a set of rules that focus on your physical access to PHI. These are Facility Access Controls, Workstation Use, Workstation Security, and Device and Media Controls. When broken down, these standards give you a list of things that you need to implement, from controls to policies.
The HIPAA Privacy Rule mainly centers on impermissible uses, breach notifications, disclosures and requirements. Ideally, you should put safeguards in place to protect your health information, reasonably limit uses and sharing, and have certain agreements and procedures in place.
The best way to digest all of the rules and specifications is to visit this page and make the most of the details. If your EMR is not fully HIPAA compliant, take caution. HENO takes HIPAA very seriously and is fully compliant in every aspect.
Katie co-founded HENO based on her career as a physical therapist and practice owner of over 10 years. Her understanding of the pain points many practice owners face has equipped her to create practice management solutions that optimize the efficiency and profitability of physical, speech and occupational therapy clinics.