It was a simple mistake. A letter wasn’t formatted correctly. Or the wrong kind of envelope was used. Either way, the result was disastrous.

Last July, the HIV status of more than 12,000 Aetna customers was revealed through the windows of envelopes they received in the mail. The envelopes contained letters with instructions for filling HIV medication prescriptions.

Many of the affected customers said the letters were seen by family members and roommates. In some cases, even neighbors saw the letters after receiving the mail by accident.

As a result, a federal class-action lawsuit was filed in August 2017. In January of this year, Aetna agreed to a $17 million settlement.

And it was all because of a simple mistake.

It’s enough to make any medical practice more than a little nervous. After all, we’re human. Simple mistakes happen.

That’s why it’s so important to make sure your practice minimizes the chances of HIPAA violations. The following checklist will help. (This isn’t a complete list, so make sure you get legal counsel to fully protect your practice.)

HIPAA compliance checklist

  • Conduct audits and assessments:
    • Security risk assessment
    • Privacy assessment
    • Administrative assessment
  • Identify any deficiencies.
  • Develop remediation plans for:
    • Security risk assessment
    • Privacy assessment
    • Administrative assessment
  • Establish policies and procedures for HIPAA privacy, security, and breach notification rules.
  • Make sure staff members read and agree to the policies and procedures (and document that they have).
  • Conduct and document annual reviews of policies and procedures.
  • Give all staff members HIPAA training (and document that they completed it).
  • Designate a staff member as the HIPAA compliance officer.
  • Identify all business associates and ensure that business associate agreements are in place.
  • Audit business associates for HIPAA compliance.
  • Document your business associate due diligence.
  • Create an incident/breach process:
    • Track and manage investigations
    • Document investigations
    • Allow staff members to report incidents anonymously

We’re here to help

From HIPAA compliance training (including ready-to-use HIPAA manuals and forms) to medical billing to credentialing and contracting, we’re here to make your job easier and your practice more successful. Let us know how we can help. Contact us today.