1. It is required by state and federal law. An annual, documented risk assessment is required to be compliant. Do you have a documented Risk Assessment and Remediation Plan?
2. It is a good defense in case of an audit. A federal pilot audit by the U.S. Office of Civil Rights (OCR) now under way indicates that HIPAA privacy compliance among covered entities is less than 30 percent; a full-blown audit program may follow. OCR, via its auditors, has made it clear that the general theme of the audits is “show me your written policy, and show me you followed it.” Do you have a written policy and procedures manual, and can you prove you follow it?
3. It is required to comply with the Occupational Safety and Hazard Administration’s (OSHA’s) standards even if you have fewer than 10 employees. OSHA applies to all employers; practices with fewer than 10 employees are merely exempt from maintaining an injury log. Your practice must still maintain a written control plan. Do you comply with the standards?
4. It is all new because of Texas House Bill 300, effective 9/01/2012. This law contains more stringent regulations than the federal requirements. Have you updated your Business Associates Agreement Letters? Have you modified your staff training? Have you updated your policy and procedures manual for the patient rights provisions?
5. The vast majority of physicians will be reported to the Texas Medical Board (TMB) at least once in their career. Your basic medical malpractice insurance policy does not include the limits needed to fight an appeal of a board action; however, a large percentage of these appeals are won. Has it happened to you yet?
6. 40% of small businesses report that they have been a victim of fraud. The median loss experienced by a small business is $147,000. Small organizations are the most common victims, making up to 32% of all fraud cases. Do you know the five most common methods?
7. Payment Card Industry (PCI) noncompliance penalties can be catastrophic to a medical practice. Annual PCI compliance is required for all merchants, large and small, that process, store or transmit payment cardholder data. Have you documented your PCI compliance?
8. 96% of all practices will experience a data breach. The average privacy breach costs $282.00 per record; this cost does not include employees’ time involved in data collection, loss of productivity or potential reputational damage. Do you have a cyber-loss prevention and disaster protection plan established?