

Posted On: January 30, 2018


There are a number of good reasons to get and keep your business on track toward HIPAA compliance in 2018. For one, throughout 2017, the Office of Civil Rights (OCR) issued more than $19 million in fines related to HIPAA violations. Compare that to fines in 2015 totaling approximately $6 million, and it becomes clear that businesses responsible for handling patient health information (PHI) need to be more diligent than ever. 

Our affiliate company, The van Halem Group, points out that most fines stem from not understanding and implementing the four fundamentals of HIPAA. Here’s what you need to know:

  1. Compliance Team: The first step is to assign someone within the office to oversee HIPAA compliance. When this responsibility is assigned, it must be documented so the Office of Civil Rights will be aware of it if they audit your business. The compliance officer will need to receive proper training, and evidence that this training occurred will need to be provided.
  2. HIPAA Policy and Procedures: Not having policies and procedures in place within your office is a top reason for fines. Your policies and procedures need to be created, shared with employees and documented. At a minimum, the policies will need to be reviewed on an annual basis. You must create policies tailored to your practice or business, and be active in updating them, sharing them with employees and documenting this activity.
  3. Workforce Training and Awareness: Training will need to be provided to anyone on staff who handles or is in contact with patient records. Once training and updates are provided to staff, records of training should be tracked. There will need to be regular reviews and retesting to ensure understanding and compliance.
  4. Security and Risk Assessment: You’ll want to take the time to ask questions about security. Are cabinets that store patient information locked? Are computers password protected? Are doors locked so unauthorized personnel can’t get into medical records? The HIPAA compliance officer must make sure security and risk assessments are completed on a regular basis.

Get your business on the right track. The van Halem Group now has an easy-to-use solution to ensure HIPAA compliance called HIPAAwise. With HIPAAwise, their goal is to simplify the compliance process with their web-based program. To see The van Halem Group Solution for yourself, sign up for a free trial and discover how simple it can be to become HIPAA compliant! For any other questions, please contact The van Halem Group here.

Article by Kelly Grahovac – The van Halem Group

The van Halem Group has become one of the nation’s most respected healthcare audit and consulting firms. Together, their team has more than 130 years of related experience. They have worked collaboratively with key government stakeholders, such as Centers for Medicare and Medicaid Services (CMS), the Office of Inspector General (OIG), Medicare administrative contractors (MACs), recovery audit contractors (RACs), zone program integrity contractors (ZPICs), private payors, and other government contractors and agencies. This expertise gives clients the benefit of knowing the proper communication channels and processes, reducing the regulatory burden.
The van Halem Group is an affiliate company of VGM Insurance Services.

