Whether it be denial, or a simple misunderstanding, there are quite a few myths out there when it comes to HIPAA compliance and how it applies to your business or entity. While we could spend all day debunking the myths we hear people churn out, we thought we’d cover three we believe are at the top of the charts. Let’s get to debunking!
Myth 1: We’re too Small
This is a situation where the old adage, size doesn’t matter, is true. No matter what size your business or practice is, if you handle, transmit or receive personal health information, HIPAA applies to you.
If you think that because you’re a small business you can fly under the radar of the Office of Civil Rights, think again. In reality, small businesses and practices are hit the hardest with fines. With only around 30 percent of small businesses and practices having a compliance plan in place, the Office of Civil Rights knows where it needs to look when enforcing compliance regulations.
Myth 2: We’re Exempt
As we mentioned above, if you handle, transmit or receive personal health information, HIPAA applies to you. Whether you’re a healthcare provider, health plan provider, clearinghouse, HME/DME supplier, or a business associate, you still need to remain in compliance and have the proper plans in place for breaches.
Since healthcare information can provide someone with a stolen identity, it’s critical to protect patient information with the utmost care. Believing that a business is exempt from the rules puts your patients and customers at risk. Make sure you have plans in place to prevent and mitigate breaches.
Myth 3: All the Liability rests with the Business Associate
Even though you may have a Business Associate Agreement in place, the liability is shared between the covered entity and the business associate. Don’t assume that if a breach were to occur, you wouldn’t be responsible for fines and penalties because you have a business associate agreement in place. One way to help limit your liability is to only share need-to-know information with the business associate.
If you believed in one of these myths, HIPAAwise can help make the compliance process smooth and easy to achieve. To learn more about HIPAAwise, visit our website or contact us directly for a demonstration!