HIPAA Compliance | Montpelier, VT

CALL US: 802-655-0880

Proudly serving Montpelier for more than 10 years

DominionTech is your trusted local HIPAA compliance support and HIPAA compliance consulting services company in the Montpelier, VT area. Our HIPAA compliance consultants help both solo practitioners and larger healthcare and medical organizations get into HIPAA compliance and stay that way. Contact us to speak to a HIPAA compliance consultant today.

The need for HIPAA compliance and the requirements

The Health Insurance Portability and Accountability Act (HIPAA) protects sensitive patient data, also referred to as protected health information (PHI). It requires healthcare entities to create physical, network and process security measures that meet HIPAA compliance standards.

Fines for non-compliance reach as high as $1.5 million for repeat offenders, so your institution must adhere to its guidelines. Here's what your organization needs to know about HIPAA requirements.

HIPAA compliance overview

President Bill Clinton signed HIPAA into law in 1996. Under the original law, HIPAA consisted of five titles:

Title I

Employees are most familiar with this title because it enshrines into law the right to continue employer-based coverage after termination through COBRA plans. It also restricts coverage denials based on certain conditions and bans lifetime coverage limits.

Title II

Title II requires the Department of Health and Human Services (HHS) to create standards for electronic PHI records. With the move to electronic records in healthcare entities, this title has become even more important.

Title III

This title contains tax provisions and medical care guidelines.

Title IV

This provides pre-existing conditions protections and guarantees continued coverage.

Title V

Contains provisions for revenue offsets for company-owned life insurance and taxes on former U.S. citizens.

In addition, HIPAA contains the HIPAA Security Rule, which governs data security. In 2013, HHS increased requirements for electronic security through its Omnibus Rule. The increased measures were a response to the 2009 Health Information Technology for Economic and Clinical Health Act.

Data breaches occur frequently. Some breaches are accidental while others result from criminal cyberattacks. Common reasons for data breaches include:

  • Error
  • Misuse of database
  • Hacking
  • Malware
  • Phishing
  • Pretexting

In phishing attacks, criminals send emails that appear to come from a trusted sender to trick healthcare employees into revealing login credentials. Pretexting attacks involve criminals impersonating legitimate actors over the phone to gain private information from employees.

The need for HIPAA compliance

HHS takes HIPAA compliance very seriously. It enforces HIPAA requirements aggressively and hands down stiff financial penalties according to a four-tier system.

Tier 1

Accidental, low-impact HIPAA violations are eligible for a $100 fine per violation, with an annual maximum of $25,000.

Tier 2

For higher impact violations, fines increase to $1,000 per violation, with an annual maximum of $100,000.

Tier 3

HHS takes intentional neglect of HIPAA requirements very seriously. If healthcare entities correct a first-time HIPAA compliance violation in a timely fashion, the fine stands at $10,000 per violation, with an annual maximum of $250,000.

Tier 4

Entities that willfully violate HIPAA and fail to correct the problem face a fine of $50,000 per violation, with an annual maximum of $1.5 million. Intentional violations of the HIPAA requirements for privacy, such as in a hacking attack or copying and disseminating PHI, carry fines up to $100,000 and up to 10 years in prison.

The requirements for healthcare institutions

To comply with HIPAA, healthcare entities obtain a 10-digit national provider identifier. HHS standardized procedures to ease transactions and address the administrative costs of HIPAA compliance.

If a PHI data breach occurs, the entity must report it to HHS and to affected individuals. A HIPAA data breach involves information that makes healthcare records individually identifiable. Also, HIPAA-covered entities must perform the following procedures:

  • Appoint a privacy officer to oversee HIPAA compliance
  • Provide employee training on HIPAA compliance
  • Create privacy safeguards: Administrative, technical and physical
  • Provide a complaint process for unauthorized PHI disclosure
  • Mitigate the impact of any HIPAA violations

How DominionTech can ensure that your company is HIPAA-compliant

Cyberattacks on companies covered under HIPAA have become more common in recent years. As hackers create more sophisticated programs, network security must be tightened. We assist clients in creating HIPAA compliant network security.

These days, hackers look for any and all information they can grab from databases. For more than 10 years, DominionTech has been assisting clients in creating bulletproof network security systems. We can help your company do the same. Contact us now to see how we can help your company identify and mitigate risks related to HIPAA compliance.

When we first hired DominionTech, it was through a former co-worker's recommendation. A couple of the reasons why we continue to reach out to DominionTech for our IT support would be that they are local, and I can count on a swift response in a troubled situation.

Kevin Eddy, Pet Food Warehouse
