The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996. This act required the Secretary of the Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information.

HIPAA not only applies to hospitals and healthcare facilities but also to emergency and non-emergency EMS services. HIPAA requires EMS agencies to appoint a compliance officer and create standard operating procedures for workers to follow. Even if your Electronic Patient Records are in a 3rd party system, you are still liable for these rules. 

Most EMS agencies are not aware of the depth of these regulations and everything that they must be in compliance with. The language can be difficult to interpret and lack of time and resources can complicate things.

The Office of Civil Rights (OCR) has the authority to conduct audits of healthcare facilities and agencies, including EMS. In December 2019 an EMS agency in Georgia was fined $65,000 for non-compliance, had to create a corrective action plan to resolve deficiencies, and is under the watchful eye of OCR for two years.

Could your agency survive a HIPAA audit? Have you completed your annual Security Risk Assessment that addresses all of the key areas of HIPAA compliance? Are your policies and procedures up to date and in line with the HIPAA Security Rules? Do you conduct annual Security Awareness Training for your staff?

Running afoul of these Rules and Regulations can result in hefty fines and even jail time.

Our consultants can assist your agency with completing your Security Risk Assessment using industry-standard assessment tools to build a gap analysis and risk mitigation plan to ensure compliance.

Contact us today to discuss your options.