The ONE Thing Most Covered Entities Are Missing About HIPAA


We seem to be overrun with rules and regulations these days. Opening a medical office requires an understanding of HIPAA, Medicare/Medicaid regulations, OSHA, tax regulations, HR documentation and policies, and even how to run a business, to name a few. The idea of adding to that list of 'things to do' can be overwhelming. But, unfortunately, there is at least one thing that you may not be doing today that you must: HIPAA Security. Now, I know what you're thinking…

'My IT company handles that' or

'I have a good firewall, so I'm good' or even

'I did my HIPAA Security when I attested for Meaningful Use'. 

There is a problem with all of those statements: they're wrong.  The dark truth that most vendors aren't telling you is that HIPAA Security is now part of your world and will be something you have to work with on a daily basis until you retire or leave the medical profession.  There is no silver bullet or magic product to get it off your plate.

Now, I know that sounds like a big statement…and it is. But we've found that a lot of people don't understand that there is no certificate for being 'HIPAA Compliant' and that no piece of equipment or consultant can make you 'HIPAA Compliant'. HIPAA Security is a walk, not a place. You HAVE to deal with it in your office daily.

Go back and read some of our previous blogs about why this is the case.  See how HIPAA Security is NOT about your Technology or check out The Business Case for HIPAA Security. We've spent a lot of time talking about 'HOW' to be compliant with the Security Rule, but we still have trouble getting through with the 'WHY'.

The 'WHY' of HIPAA Security is simply this...ready for it?...Are you sitting down?....

HIPAA Security is the best thing you can do for your practice and your patients.

Really...it is. The recent issues with network security and personal information that we've seen with several national retailers should help sell this idea. The 'hackers' of the '80s and '90s are gone. Those guys were interested in vandalizing your network. The new breed of hacker now wants your information. They steal it, sell it and use it to make money...lots of it.

Just as computers are now a part of our lives, professionally and personally, so should the HIPAA Security Rule be. Why? Because those same computers can be responsible for allowing information about you, your practice and your patients to fall into the wrong hands. And that can lead to HUGE liabilities and lawsuits for everyone involved!

The point is, we all hate rules that make no sense to us. And when it comes to HIPAA Security, we often don't understand WHY we should have to do all those things the government wants us to do. But the reality is that whether you completely understand it or not, you HAVE to start working toward the goal of continual compliance. HIPAA Security is here to stay. If you are in this industry, you will deal with this issue every day of your career. If you're not taking the HIPAA Security Rule seriously, if you've not documented ALL your policies, if you've not even read the Security Rule...then there is no way you're 'HIPAA Compliant', no matter what your firewall vendor told you.

While it may be time-consuming and even a bit overwhelming, securing your patient health information (and documenting it!) is one of the most important things a medical practice in 2014 HAS to do.


Jeff Franks is the co-founder of Skysail Software, makers of affordable HIPAA Security Rule compliance management software solutions. HIPAA FLIGHTPLAN provides centralized documentation of your HIPAA Security Rule compliance program. HIPAA TIPS delivers Security Awareness training to your entire staff, every month, without impacting your daily operations.