HIPAA compliance is a challenge for all medical practices. Patient information is sacrosanct and any breach of confidentiality can have serious legal and monetary implications. While all practices train their staff on maintaining security in accordance with HIPAA guidelines, there’s always the risk that data on routinely used devices such as smartphones, laptops, HR systems, memory sticks and other portable devices will somehow go unprotected. If you outsource non-core activities and a breach occurs, check whether it occurred due to your service provider.
A data breach can occur accidentally or as a result of external hacking. You need to be prepared with a data breach response plan:
- Have a team of legal experts at hand that you can contact for professional advice
- Specialty services like digital forensic investigations or identity theft protection and resolution may be necessary – keep contact information handy
- Maintain an internal reporting system for timely and appropriate action, especially during the first 72 hours after the breach has occurred
- Immediately after the breach is detected: preserve your digital and other data by securing your premises, and identify what’s missing
- Have an action plan ready with clearly defined steps, checklists and timelines so that your staff knows what to do
- Track progress
- Contact law enforcement agencies if necessary – record all conversations, instructions and steps
Do not delay action, as it can prove expensive and trigger lawsuits. Immediate action and meticulous investigation are necessary, so mobilize your action plan quickly.
While you must take extra care with your internal security measures, you can ensure the safety of the information you outsource for medical coding and billing by partnering with a reliable healthcare business process outsourcing company. Look for a service provider that can provide medical billing and coding services with the utmost regard for patient confidentiality.