Can you achieve HIPAA compliance with SharePoint? In other words, can healthcare companies trust the platform to safeguard PHI (protected health information)?
We can’t overstate the importance of HIPAA compliance as we head into 2021. In October 2020, Aetna Life Insurance Company had to pay a $1 million fine to settle three HIPAA violations. Why? In three separate incidents, Aetna failed to secure the PHI (protected health information) of 18,489 patients.
The moral of the story is that even during a pandemic, the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS) place a high value on HIPAA compliance and patient privacy.
At Entrance Consulting, we keep up with HIPAA changes so you don’t have to. Our custom software solutions integrate seamlessly with SharePoint and Office 365, all while remaining HIPAA compliant. Below, we look at recent HIPAA changes in light of the COVID-19 pandemic.
HIPAA Basics
First, a brief definition from The Centers for Disease Control and Prevention (CDC): “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”
- These strict privacy rules are designed to protect patients.
- All medical service providers, life and health insurers, and associated industries must adhere to HIPAA standards or pay substantial fines for non-compliance.
From time to time, the Department of Health and Human Services makes updates to HIPAA guidelines. Below, we discuss what’s new in light of COVID-19 and how you can achieve HIPAA compliance with SharePoint.
Recent HIPAA Rule Changes
July 2019: New Patient Identifiers for Medicare Beneficiaries
Since the advent of HIPAA in 1996, providers have voiced support for using National Patient Identifiers (NPI) to identify patients. The concept is similar to a Social Security Number — a unique number for every individual. While NPIs faced roadblocks in the past, Congress ruled in favor of this legislation in 2019, thus bringing NPIs into existence.
Ideally, NPIs will overcome difficulties in patient matching (the process of matching medical data to the right patients). This means fewer duplicate patient EHRs and fewer instances of misidentification.
Another key point we must make is the increasing cost of penalties for non-compliance, which can be utterly crushing for a small practice.
Rising Costs of HIPAA Non-Compliance
For providers, the most significant change to HIPAA in 2020 is an increase in penalties for non-compliance. Offenses are divided into four tiers. The penalty fees have risen significantly, and there is also a new annual cap on each violation category.
Most instances of non-compliance have to do with unencrypted data, the theft of technology, or the lack of employee training.
As of 2020, the maximum penalties for the four tiers are:
- T1: $58,490 (usually occurs when a provider has no knowledge of the violation)
- T2: $58,490 (reasonable cause for the violation)
- T3: $58,490 (willful neglect)
- T4: $1,754,698 (willful neglect that remains uncorrected)
The good news for practitioners is that telehealth is currently experiencing a surge in popularity in light of COVID-19. In addition, physicians can use the telemedicine features of Microsoft Teams (part of the Office 365 suite) to hold secure online meetings with patients.
HIPAA, COVID-19, and Telehealth in a Pandemic
While it’s not a true rule change, the OCR and HHS understand the value of remote diagnoses during a pandemic. As of April 2020, providers have been using apps like Zoom, Skype, or Facebook Messenger Rooms to assess a patient’s need for medical attention. The goal of telehealth is to encourage social distancing and keep at-risk patients out of densely populated areas and crowded indoor spaces.
HIPAA Compliance, SharePoint, and Office 365 Migration
We’ve witnessed a significant uptake in Office 365 Migration work during the last few years. Here at Entrance Consulting, we transitioned to Office 365 and performed our first Office 365 migration five years ago. Today, we offer a full line of Office 365 tools as well as Office 365 Migration Services.
When it comes to protecting PHI, we understand how recent changes to HIPAA can affect both small and enterprise businesses. In an ever-evolving marketplace, we know what’s at stake, and we look forward to helping your organization become 100% HIPAA-compliant.
If you’re wondering whether SharePoint is HIPAA-compliant, the answer is yes. Microsoft will provide business associate agreements (BAAs) for any Microsoft SharePoint-enabled customer in the healthcare industry.
With a BAA, healthcare organizations can include PHI in the SharePoint platform. So, if you’re worried about HIPAA compliance, don’t be. Contact us today to learn more about SharePoint security and the HIPAA security management controls in Office 365.