Help with HIPAA Compliance
Helping you understand the complexities of compliance under the HIPAA Security and Privacy Rules. Our team of experts in regulatory compliance can answer any questions you may have.
Colington Consulting

The Cost of HIPAA Compliance for Small Healthcare Providers

6/17/2014 2:15:14 PM   |   Comments: 0   |   Views: 2421

Let’s start with what happens if you are not compliant: $1.5 million could be just the start of your costs. That is the amount civil monetary penalties can reach in settlements with the U.S. Department of Health and Human Services (HHS) for HIPAA breaches.

If you are not in compliance, you must also factor in the cost of notifying every patient whose health records were compromised.

Then there is always the potential for class action lawsuits by patients who band together seeking substantial compensation for the loss of their protected health information.

According to HHS HIPAA compliance guidelines, cost cannot be used as an excuse for failing to implement and maintain proper security safeguards. No matter how small a practice is, HIPAA Security Rule requirements must be met if it uses electronic health records.

Whether you conduct the necessary HIPAA Risk Assessment yourself, assign it to practice staff, or follow guidance provided by the vendor of your EHR platform, getting on track with compliance does not have to be a costly production. However, properly conducting the required assessment, identifying vulnerabilities and threats, and then taking appropriate steps to mitigate them can be time-consuming.

In March, HHS rolled out a HIPAA Risk Assessment Tool that consists of 156 questions. Although using this tool is a good way to start identifying all the areas that need to be assessed, completing it is not the same as having the required HIPAA Risk Assessment. It is also important to remember that the assessment is only the first step in the process; compliance regulations require that a HIPAA Risk Management Plan be in place, too.

Do you have the time and expertise to complete all the necessary requirements? If you do, that is outstanding. But what I see is a lot of confusion, with small providers not knowing exactly what they need or not having the in-house resources to complete all the compliance requirements. For those practices, the answer is clearly “no.”

From a cost standpoint, you will need to factor in the hours your current in-house personnel would spend meeting all those HIPAA requirements, along with their level of security expertise. What will be your actual cost, in dedicated hours, to complete all the requirements yourself? Bottom line is your bottom line.

For a small healthcare practice, the time commitment must be included in the overall cost of ensuring compliance. Getting all the requirements in place without outside assistance can be a time-consuming and stressful process that never really ends, because the work must be updated regularly.

A consultant can take this complicated compliance burden off your practice’s plate and allow staff to do what they do best — provide required healthcare and associated services. 

It may be worthwhile for your practice to get a quote from a consultant for HIPAA security services.  In the end, letting an expert handle the HIPAA requirements could actually lower your costs…as well as your aggravation levels.  

Author: Jay Hodes is the President of Colington Security Consulting LLC and the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services, Office of Inspector General.  In that position he supervised over 200 Special Agents and professional support staff responsible for health care fraud and medical identity theft investigations throughout the eastern United States.

His company provides assistance with HIPAA Security Rule compliance by conducting risk assessments and writing practice-specific risk management plans. The assessments identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis action plan to prevent unauthorized access, tampering and theft.

9633 S. 48th Street Suite 200 • Phoenix, AZ 85044 · Phone: +1-480-598-0001 · Fax: +1-480-598-3450
©1999-2019 Dentaltown, L.L.C., a division of Farran Media, L.L.C. · All Rights Reserved