Health-related Non-profit Unaware of HIPAA Laws

There are over 170,000 health-related non-profit organizations in the U.S., and many are UNAWARE that HIPAA laws apply to them. Is your organization vulnerable? Protect your health-related non-profit organization before you face a random audit by the Department of Health and Human Services or a data breach that affects your client records.

Consider this: a stolen laptop, a lost thumb drive, malware or ransomware that compromises client information – these are all situations that can occur in a HIPAA environment. Do you have policies and procedures in place to remediate these situations and others?

Do you know the benchmarks/identifiers that determine whether your health-related non-profit organization MUST follow HIPAA laws? The test is two-fold. First, do you store client/patient information concerning health conditions OR medical treatment OR payment information? Second, does your health-related non-profit organization store any of these identifiers?

  • Name
  • Address
  • Dates (age, admission, discharge, etc.)
  • Telephone number
  • Fax number
  • Email address
  • Social security number
  • Medical record number
  • Health plan beneficiary number
  • Account number
  • Certificate/license number
  • Web URL
  • Internet Protocol (IP) address numbers
  • Finger or voice prints
  • Photographic images
  • Any other characteristic that could uniquely identify the individual

Healthcare providers are often lulled into a false sense of security, thinking that because they use software for insurance billing, they are HIPAA compliant. However, here are a few general tech security questions whose answers frequently reveal non-compliance:

  • What is your password complexity policy?
  • Does everyone in your organization change passwords every 30-60 days? (Required)
  • Does your organization use encrypted email? (Required)
  • Does your organization have a backup AND disaster recovery system? (Required)
  • Have all of your employees completed HIPAA awareness training this year? (Required)
  • And so much more…

If you are a non-profit organization that deals with client health information but aren’t sure if you are 100% HIPAA compliant, it is advisable to have a review by a qualified IT provider. Here’s what you can expect:

  1. If the initial review determines that your organization does indeed fall under HIPAA law, then the first step is to perform a HIPAA Risk Assessment.
  2. The HIPAA Risk Assessment will determine what “gaps” need remediation and will create a blueprint for further work.

NoWorriesIT’s engineers are HIPAA certified Security Professionals, experienced in assessing non-profits’ infrastructure and determining whether they fall under HIPAA laws. In addition, NoWorriesIT is experienced in assisting non-profits and healthcare organizations develop a plan to become HIPAA compliant. Call us today for a complimentary preliminary review at 410-751-7650 or contact us online.

About The Author

Jean Burgess, Marketing Manager

Jean Burgess is Marketing Manager for NoWorriesIT, where she is continually surrounded by techno-speak and computer gear throughout the day. From Jean's desire to understand this alien world of Cloud Computing, Remote Monitoring and Management, Data Backup and Disaster Recovery, and Network Security sprang this blog -Thoughts From A Wannabe Techno Geek. Her goal: to be a liaison between the knowledgeable NoWorriesIT system engineers and the small business reader in an entertaining and informative manner.
