Slideshow 5 tips to ensure HIPAA compliance

  • March 04 2016, 2:22am EST


The Health Insurance Portability and Accountability Act applies to company health plans and all business associates, including advisers, who help the employer carry out its health care activities and functions. It requires confidential handling of protected health information and mandates industry-wide standards for health care information on electronic billing and other processes. To avoid HIPAA compliance issues, Margaret Davino, a partner at the Fox Rothschild law firm suggests these tips.

1) Make sure your security risk analysis encompasses all entities within your “family.”

Don’t just analyze your electronic health record, but focus on each entity and location from which protected health information might be stolen or lost, Davino says.

Content Continues Below

2) Use HHS’s Security Risk Assessment Tool to identify whether corrective action should be taken.

Especially if the employer or business associate is a small entity, Davino suggests using the HHS Security Risk Assessment tool to identify compliance issues that can be corrected. In other words, she says, “There’s no excuse for ignoring item number one!”

3) Encrypt data, if at all possible.

Davino says employers and associates should make sure data encryption is up to NIST encryption standards.

Content Continues Below

4) Check that you have updated Business Associate (BA) Agreements in place for all BA relationships.

Check first to make sure it’s really a BA relationship, she adds.

5) Have a mobile device policy.

Include mobile devices in your security risk analysis, Davino suggests.