Office address

623 North Broad Street

Lansdale, PA 19446

Phone: 215-896-3846

Fax: 267-653-1405



And Another Thing...
The recent publication of the Omnibus Final Rule by the Department of Health and Human Services serves as a timely reminder to review how the HIPAA rules apply to every business, not just those in the healthcare industry. It is important to ensure that your staff and your operations comply with the requirements for securing protected health information in your possession. Here are some helpful tips:

Securing Medical Records

Records containing information about employees' health need to be secured not only from access outside of the company, but also from unauthorized users inside the company. Only certain employees within the organization who deal directly with health-related policies need to access the information, which should be protected by a special password or locked in a secured drawer or filing cabinet. When transferring these records, employees must follow company policies to ensure the information isn't lost or intercepted by another party. Employees who handle health-related information must also maintain a log that details any release or transfer of information.

Employee Training

Any employees in the organization who handle health-related information (such as medical insurance policy information, a company wellness program or a flexible health spending account) need to receive proper training about HIPAA and how to handle health-related information. If you fail to properly train such employees and they in turn disclose information about another employee's health, you may be found liable for the disclosure and may then be sued by the employee whose information was compromised.

Employee Absences

Under no condition may a manager disclose to other employees in an organization the details of a person's medical absence from the company, unless the employee consents first. This means that when an employee falls ill or needs to undergo medical treatment, you may pass around a card or other materials to give to the employee who isn't well, but you can't disclose the reason for the employee's absence to everyone else.

Written Policies

Not only do you need to follow HIPAA laws on a daily basis within your organization, but you also must document the policies your organization has adopted to ensure compliance with the laws. These documents need to detail how employees who have access to health information are to secure the information, under what circumstances health information should be disclosed, and consequences for an employee violating the organization's HIPAA policies. All employees should have a copy of these written policies, especially those who have access to health information.

In-House Privacy Officer

Business owners must have a designated privacy officer on staff. In smaller business operations, this role is often filled by an office manager. Even though a privacy officer is selected and trained, the business owner is still liable for non-compliance. Therefore, business owners should make sure their privacy officers understand all HIPAA regulations and how they apply directly to their industry.

Company-wide Policies

Small businesses must not only comply with HIPAA regulations but also document written company-wide policies. These policies limit the disclosure of protected personal health information to the minimum required to accomplish a specific disclosure. Businesses that comply with HIPAA but fail to document their policies may still be fined for non-compliance, because compliance inspectors will assume that a lack of documentation practices equals non-compliance.

To read more about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules click here

Want to review your company’s compliance? Need help with drafting a policy and training your staff? Call our office at 215-896-3846 for more details and information on how we can help.
