4 Reasons to Hire HIPAA-Compliant Staff

Written by Uassist.ME | May 9, 2019 1:55:46 PM

Whether you're defining prerequisites and roles for on-site staff or virtual staff, insist that your workers have training to handle protected health information (PHI). Some types of PHI are federally protected from disclosure under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Here are four vital reasons to ensure you hire only HIPAA-savvy workers.

1. PHI Disclosure Can Harm Sensitive Clients

PHI can include details about a person's medical, surgical, or mental health diagnosis and treatment. In the wrong hands, a person's private health history can be smeared all over social media and internet forums. Even in today's more enlightened age, less savory people use sensitive data to publicly humiliate or shun high-profile individuals with professional backgrounds and status.

Recently, a hospital in Chicago fired 50 employees after the staff members improperly reviewed the medical records of actor Jussie Smollett. Although some of the employees, who included nurses, claimed they were simply curious about the actor's health issues, their prying searches through Smollett's health information were egregious examples of HIPAA violations.

If your company's name is associated with a wrong done to a celebrity or industry leader, your business may soon be toast. Don't let your business take the fall for employees with no discretion or training in HIPAA regulations. Make HIPAA training a prerequisite for all employees, or develop your own company-wide HIPAA training program.

2. HIPAA-Compliant Staff Give You Peace of Mind

Employees and virtual assistants who are trained in HIPAA rules understand the importance of discretion and proper definition of data. HIPAA-compliant employees and assistants also realize that you don't need to worry about every single piece of personal information that ends up in your files.

Not all health-related information about an employee or other individual is protected under HIPAA regulations. However, even if a person's data isn't specifically protected by HIPAA rules or is exempt from the rules, your staff should insist on procuring signed release forms from individuals before sharing those persons' data.

A HIPAA-trained employee or assistant understands what a release form is and how important the document can be if personal information must be shared with other businesses, individuals, or agencies. A staff member with no training in HIPAA protocol is likely to neglect to procure release forms.

HIPAA-trained employees give you confidence in your company's ability to offer reliable privacy for your workers and clients. You don't need to walk on eggshells worrying about all of the personal data contained in your business folders.

3. Feds Take HIPAA Violations Seriously

Three federal agencies are involved in investigating and prosecuting HIPAA violations. The United States Department of Health and Human Services (HHS) established the standards for individually identifiable health information. Under the HHS rules, individuals are protected from unauthorized use or disclosure of information considered to be PHI.

The United States Office of Civil Rights (OCR) under HHS is the enforcement agency for privacy and security regulations under HIPAA. The OCR reviews HIPAA compliance and investigates reports of noncompliance with HIPAA rules, but it only acts on specific complaints.

If the OCR pursues a case against your company, the law requires that you cooperate fully with investigators. In most cases, you may remedy your non-compliance or reach a resolution within a certain time frame to avoid penalties for HIPAA violations.

When a violating company offers no resolution or effort to comply with HIPAA standards, the OCR can order payment of civil fines. The OCR can also refer criminal violations of HIPAA regulations to the United States Department of Justice.

In a criminal case, a negligent employee isn't the only one who can be held liable for a HIPAA violation. Company officers and directors may also be charged under corporate criminal liability principles. Charges for company executives or administrators in HIPAA cases can include conspiracy or aiding and abetting.

4. HIPAA Penalties Can Be Steep

It's far less expensive to pay for HIPAA-trained staff now than to pay for pricey legal defense when untrained staff violate the rules. If legal expenses weren't enough of a loss, fees for non-compliance with HIPAA rules can rival your lawyers' fees. Monetary penalties for HIPAA violations are steep, which hurts small businesses the most.

Penalties for HIPAA violations are as high as $50,000 at the lowest level of infraction. Imprisonment can be as long as 10 years for some HIPAA violations. Specific types of HIPAA crimes are punishable by payment of restitution to victims of the crimes.

Instead of worrying about your company's exposure to HIPAA-related ruin, be proactive and use the services of HIPAA-compliant staff. Confirm that HIPAA training has been completed by everyone from your permanent human-resources director to your virtual assistants. By insisting on adequate PHI training, you protect your company name and your bottom line.

Hire virtual assistants who are both HIPAA-compliant and bilingual, and increase your company's credibility by contacting Uassist.ME today. We match you to clerical staff and specialists who help you smartly manage and grow your business.