Physical Therapy Practice HIPAA Compliance – 3 things you can do in 30 minutes


Have 30 minutes? Why not work on your HIPAA stance?

It’s really hard to believe, but HIPAA (Health Insurance Portability and Accountability Act) was passed about 25 years ago. Mariah Carey and Tracy Chapman were dominating the billboards and everything was breezy. Combine that with 2+ decades of advances in technology, including the proliferation of EMR and billing software, and we can all agree that much has changed. At times, HIPAA can seem overwhelming, but it’s best to break it down into things that you can actually do. A little bit can go a long way. This blog post gives you three achievable things that you can do in 30 minutes to improve your HIPAA stance.

1. Clinic walk through

Estimated time investment: 10 minutes
After your practice closes to patients for the day, start at the entrance to your practice and make a loop through the practice. Here’s what you’re looking for:

You may also consider doing the same walkthrough during the day when your practice is open to make sure that your employees are taking similar precautions during business hours.

2. Vendor List Crosscheck

Estimated time investment: 10 minutes
Do you have a list of all vendors that you work with? If you don’t, now would be a good time to make one. If you do, this would be a good time to ensure it is up to date. A list of vendors should be part of a manual that you have for your practice. Hopefully you have one of those too, but if not, this can be a start on that (hey, two birds, one stone). The point of having a vendor list is to ensure that you know everyone you work with who might hold or process protected health information (PHI) for your practice.
Using vendors to help offload some of the work of HIPAA compliance can be a great idea, but only if you’re working with competent vendors and you keep your paperwork in order. This is a quick thing that you can do to validate that you’re on track, and it may be one of the biggest things that you can do. At MWTherapy, we sign BAAs with every client by default and we have no problem doing so.

3. Crosscheck your software access levels

Estimated time investment: 10 minutes
Here’s another easy one to tackle. Pop into your practice management/EMR software and take a look at your roster of users. There are two key things that you’re looking for:
Have you ever heard of the principle of least privilege? It’s OK if you haven’t. It’s really just a fancy term used by computer nerds to explain the idea that users of computer systems should be granted the least amount of access they need to do their job and no more. At times, practice owners may feel compelled to give everyone access to everything to make life easier, but it’s far better to start everyone at a minimum and add access as employees demonstrate a need for more in their position.

The bottom line

Boom! In 30 minutes, you’ve made a difference in the security of your practice and in your practice’s HIPAA compliance stance. It’s a good idea to calendar this to be done again in, say, 6 months. Feel free to bookmark this blog post.
