Busted! 12 HIPAA Myths That Can Sink Your Eye Care Practice

Sure, it might be easier to look the other way, but ignorance is not bliss when it comes to PHI privacy and security. And it’s not just tech that matters. While you must do everything you can to shore up your information systems to protect PHI, it’s really the people using those systems who make the difference. If the clinicians and staff who are using PHI at your practice aren’t smart about security and HIPAA, your systems aren’t smart either.

12 HIPAA Myths You Definitely Shouldn’t Believe

Take a look at the most common myths we find among clinicians and staffers, and use these mythbusters to step up security at your eye care practice.

Myth #1:

HIPAA is relevant only to covered entities.

Fact: It’s relevant to patients and business associates as well.

Beware: Some cloud vendors may tell you they aren’t business associates under HIPAA. Run—don’t walk—away from those cloud providers.

Myth #2:

My lawyer/IT guy told me we don’t have to comply with HIPAA.

Fact: Get a new lawyer or IT professional.

Myth #3:

My software is compliant, so I don’t have to be.

Fact: The software may be compliant, but if the person using it is not, your practice has a compliance risk.

Myth #4: 

We don’t have to comply with HIPAA because we are a small practice.

Fact: Your head count doesn’t matter. PHI does.

Myth #5:

I accept cash only, so I don’t have to comply with HIPAA.

Fact: Privacy and security regs apply even to practices that don’t accept insurance.

Myth #6:

I don’t need HIPAA training for my staff.

Fact: The HIPAA Security Rule requires that you provide and document training.

Myth #7:

As long as a PHI breach isn’t serious, I won’t get fined.

Fact: OCR fines and settles cases even for the potential of breach.

Myth #8:

I don’t need to worry about cyberattacks because my practice is small. Cyber criminals focus only on big guys like insurance companies and health systems.

Fact: Cyberattackers don’t discriminate. They go after all health care sectors and have hit small providers.

Myth #9:

My vendors don’t need to provide me proof of HIPAA compliance.

Fact: It’s your responsibility to perform due diligence on your vendors.

Myth #10:

HIPAA can wait—we are very busy now.

Fact: The latest compliance date is September 23, 2013—almost four years ago. OCR audits have begun. It’s not a matter of if you get audited or breached. It’s a matter of when you get audited or breached.

Myth #11:

Compliance is very expensive. I can’t afford it.

Fact: It’s cheaper to comply now than to pay steep penalties later.

Myth #12:

HIPAA is optional.

Fact: No, it is not.

Let’s Connect

Drop a line for our sales representative to get in touch with you

  • This field is for validation purposes and should be left unchanged.

Latest Article

images

Contact lens safety: What you need to know

  • 20 Oct 2021

Contact lenses create perfect vision for tens of millions of Americans, but make sure you know the rules for using them correctly According to the U.S. Food and Drug Administration (FDA),...

images

Does your EHR have the right certifications?

  • 18 Oct 2021

Ensure your certifications are correct so you don’t miss out on CMS payments Certification is a big deal when it comes to selecting an electronic health record (EHR) prov...

images

Which states require EPCS?

  • 29 Sep 2021

[vc_row][vc_column][vc_column_text] Electronic Prescriptions for Controlled Substances becoming a standard across the country EPCS is increasingly becoming a standard across the United S...

Download Article

test
test