HIPAA Compliance Myths
With so much information to absorb about State and Federal compliance requirements, MIPS/MACRA attestation metrics and on and on, it can feel like drinking from a fire hose!
And there are also a lot of misconceptions.
The security risk analysis is optional for small providers.
False. All providers who are “covered entities” under HIPAA are required to perform a risk analysis. In addition, all providers who want to receive MU and MIPS incentive payments must conduct a risk analysis.
Our office uses the Cloud, we don't need a risk assessment.
False. Even if you have a fully HIPAA-compliant cloud vendor, your patient data, ePHI and PII still have to go through all your systems to get to the cloud. You are required to perform a technical, administrative and physical security risk analysis.
Our EHR makes us compliant, we're fine.
False. While your EHR may provide excellent privacy and security features, it definitely doesn't exempt you from the HIPAA security requirements.
My IT guy does this, and we have a firewall.
False. While your IT provider can help remediate vulnerabilities, understanding your State and Federal compliance requirements goes far beyond the services provided by your IT vendor.