Lately, I’ve been traveling a lot to help EMR Legal’s clients stay up to date in their HIPAA compliance requirements in light of the new Omnibus Rule changes and stepped enforcement action by federal and state regulators. EMR Legal, a wholly owned subsidiary of Veterans Press, is the HIPAA consulting company that Jon Tomes and I founded more than a decade ago. I have recently been in Alabama, Iowa, and Michigan to conduct onsite audits for our clients. In addition, for Cross Country Education, I recently conducted HIPAA and HITECH training in San Antonio, Austin, and Houston.
My audits and trainings have been revealing that, although our clients are doing a good job of protecting patient information, for the most part, they are consistently lacking evidence of compliance with HIPAA and HITECH. That is, they are missing written policies and procedures, records of training the work force on those policies and procedures, and records of enforcement. Such evidence of HIPAA/HITECH compliance is critical if you want to survive an investigation or an audit by DHHS and avoid civil money fines for noncompliance. Lately, the fines imposed have ranged in amounts from $50,000 (small hospice) to $1,500,000 (ear nose and throat clinic), to say nothing of earlier fines up to $4.3 million.
If you feel that you may be lacking evidence of compliance with HIPAA and HITECH or may not yet be ready for the Omnibus Rule compliance deadline of September 23, 2013, check out the compliance resources and solutions in the Veterans Press Store. If you are interested in a Gap Analysis, a Risk Analysis, or an onsite or offsite audit of your compliance with the Privacy Rule, the Security Rule, and the Omnibus Rule, I would encourage you to contact Patrick Head at 855-341-8783 ext. 311, or at his direct dial 913.951.5511 or by email at patrick@veteranspress.com to learn more about how EMR Legal can assist you with your compliance burdens.
As an aside, I’d like to give a special “shout out” to my HIPAA/HITECH training attendees in Houston, who figured out that it was my birthday, brought me a slice of birthday cake, and sang Happy Birthday to me. I just want to say thank you, guys. You made my day!