I was reading an article last week on HIPAA compliance in “Private Practice Success” (www.hcpro.com) whereby various potential HIPAA violation fact patterns were presented and a determination was made whether or not HIPAA was indeed violated. One comment in the article obviously caught my eye: “However, the physician does have a federal obligation to provide proper privacy training for his office staff. It is a violation to not provide such training.”
As I work with physician practices, they all say “we are in compliance with HIPAA.” Like OSHA compliance, they just think they are. It is easy to see they are not. Do patients have access to the practice’s privacy policies? Does your practice have a formal HIPAA compliance auditing program in place? Has HIPAA training been conducted for all employees and physicians? Have all business associate agreements been mailed and executed? I wonder how many practices are really in TOTAL HIPAA compliance. My guess? Not many.