Yeah, I don't particularly relish thinking about my own mortality either, but it is inevitable and HIPAA compliance means we have to face it.
Did you know that, in addition to updating your Notice of Privacy Practices and posting the new NOPP on your website, you also have to put it on the wall of your office?
There are 4 tiers of penalties, based on the willfulness, response, culture or egregiousness of the violations.
OCR stands for Office for Civil Rights, and it’s the governmental agency in charge of HIPAA compliance and enforcement. It’s part of the Department of Health & Human Services. I like to jokingly call OCR the “HIPAA Police,” but of course that’s silly business about something that is very real and serious. OCR is the agency where people file their HIPAA complaints, where HIPAA investigators come from, and where penalties are handed down. You do need to care, and here’s why:
Short video, produced by the OCR, that gives basic information about how new HIPAA regulations affect providers.
Short video, produced by the OCR, that gives basic information about how new HIPAA regulations affect consumers.
If you've taken my workshop, you know that not only do you have to have a compliance file with specific items in it, but you also have to maintain that file regularly.
OCR put out an “implementation standards” document in 2010, and those of you who are more tech-savvy than average will find it quite helpful.
Do you want lots more information about the Risk Assessment? Preferably straight from the US government? They have published several documents to help.
The HIPAA for Therapists training and website are designed to help you prevent breaches, not to provide assistance if a breach has occurred. In those situations an attorney is the proper resource to provide guidance. However, the OCR’s website has some important information about a situation where a ‘loss’ of PHI is NOT considered a Breach.