Skip to main content
Free Billing Consultation
Back to Blog

How To Perform A HIPAA Omnibus Rule Risk Analysis

October 15, 2013
by Simon Hughes
Dot grid in the shape of the USA with many highlighted dots.

Hipaa omnibus rule risk analysis resized 600Can a medical practice–any practice of any size–afford penalties up to $1.5 million? Affordability does not only mean those practices with large cash balances or insurance coverage.

The new HIPAA Omnibus Rule is so complex, the potential for violations is high. Until the rule is in place, medical service providers, practice managers and all staff will be uncomfortable with its provisions. While this is perfectly natural, violations will be very expensive.

The best–possibly the only–way to properly protect the practice is performing a HIPAA Omnibus Rule risk analysis. This will be challenging to complete internally, particularly during the early days of rule implementation.

All medical practices must assess and minimize the risk of violations of the Omnibus Rule. Because the rule provides severe monetary penalties for even honest mistakes, you must identify practice risks and create remedies before violations occur.

How to Assess the Risk

PHI (Patient Health Information) data breaches have been increasing in recent years. This reality has fueled the motivation to write and adopt the Omnibus Rule in the first place. Consider the following suggestions to create an effective risk analysis.

  • Educate practice staff on the provisions and dangers posed by the Omnibus Rule. Thorough training and education is imperative to lowering the risk of PHI data breaches. Omnibus Rule penalties can be assessed for apparently small human error, mandating that practice personnel first understand the requirements.
  • Test their knowledge after providing the necessary training. Simply dispensing proper information to staff is not enough. Test their knowledge retention, particularly as it pertains to tightened PHI privacy and security requirements.
  • Prepare a report identifying staff strengths and weaknesses in understanding the rule. A carefully prepared written report, noting the apparent staff strengths and weaknesses with their level of understanding, will offer critical information to assess and analyze the risks faced by the practice. Those areas identified as weaknesses will require additional training or other remedial action to minimize risk.
  • Maintain a “paper trail” that confirms the practice completed HIPAA risk assessment procedures. While this is neither breaking news nor a “secret” tip, preparing and maintaining a complete set of documentation as conclusive evidence the practice conducted a thorough risk assessment is vital. Outside auditors can only verify a risk analysis after the fact by examining documentation proving the practice conducted the assessment.
  • Consider using outside consultants or installing self-assessment risk software. If providers or practice managers lack the experience to create internal risk assessment procedures, consider retaining external HIPAA risk consultants or evaluating one of the available self-assessment software options. Both options typically offer more than just risk analysis. Top third-party advisory firms, such as M-Scribe Technologies, and the best risk-assessment software also offer suggestions for effective remedies to minimize the risk of expensive HIPAA Omnibus Rule violations. Both will also provide the necessary documentation to allow the practice to prove conducted a HIPAA Omnibus Rule risk analysis and took appropriate remedial action to prevent violations.

The Omnibus Rule places additional strict requirements on medical service providers and their business associates. The former risk level has been ramped up to a level that creates potential dangerous–and highly expensive–violations.

 

{{cta(‘677eb645-eebd-4c45-a37d-e84cc5d3e4a7’)}}
Image courtesy of http://foxgrp.com

More Insights & Posts

April 25, 2024

Anesthesia Stipend Requests in Today’s Environment

BY DAVID J. PLATT, MPA Senior Vice President, Anesthesia, Coronis Health, LLC, Everett, WA  Anesthesia provider shortages have been commonplace across health systems since the turn of the century, resulting from fewer anesthesia residency graduates and increased demand for surgeries, especially in the outpatient setting. In turn, we saw a surge in hospitals providing anesthesia […]

Read More
April 25, 2024

2025 IPPS Proposed Rule: Quality Programs for Hospitals

Last week, we brought you a summation of the key provisions in the Medicare Inpatient Prospective Payment System (IPPS) proposed rule for fiscal year (FY) 2025. Today’s article will focus on the quality programs that concern the inpatient setting. Hospitals that do not submit quality data or do not meet all Hospital Inpatient Quality Reporting […]

Read More
April 24, 2024

Mastering the Hybrid Workflow: A Symphony of Communication, Performance and Inclusivity

BY KAI WILLIAMS, MHRM Chief Human Resources Officer, Coronis Health, Dallas, TX The healthcare world is changing fast, and successful teams need to adapt. That means mastering the art of working together seamlessly, whether you’re in the office, at home or somewhere in between. This guide is your roadmap to building a high-performing team in […]

Read More

Get the Latest RCM News Delivered

Receive practical tips on medical billing and breaking news on RCM in your inbox.

Get in Touch