Empowering Women in Chiropractic - Year-End HIPAA Reality Check
Jan 12, 2026
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. We suggest you watch the video while reading the transcript.
Hi everybody. Hi. I am Dr. Julie McLaughlin here with Fearless Chiropractor. We're here with ChiroSecure, and today we are gonna talk about what you need to do before the year end for HIPAA compliance to make sure you're HIPAA compliant. So I have a few slides to share with you. Let's take a look now. So again, thank you ChiroSecure for having us here and always having great programs and education for all of our friends.
So the year end HIPAA compliance checkup. I know you got a million things to do. You're probably busy like crazy 'cause people are trying to meet their deductibles and get in before the end of the year. But you cannot afford to ignore this before December 31st. I want you to plan, prepare, and protect. So I'm Dr. Julie McLaughlin. This is my partner, Dr. Barry Barnhill, and we are the Fearless Chiropractor, and we help you become HIPAA compliant and stay HIPAA compliant so you're not getting in trouble with any of these audits. Any problems with patients' records? PHI getting. So that's why we're here to help you. So why is December the danger zone?
Right? HIPAA loves the end of the year. There's compliance gaps that are quietly hiding all year long. And when those auditors come in, they're looking backwards. They're not looking forward, "let's see what you're going to do next year." They wanna see what you did already. So you better make sure all your ducks are in a row, that you have everything ready to go for the end of the year.
If your documentation has gaps in it, they're going to show up when it's too late, when you don't expect it, when that auditor walks in. So today is your reality check. I'm going to take about 10 minutes of your time and we're going to do a compliance wake up call and make sure that you actually practice what you know you should be doing with your HIPAA, because where people get caught is not doing this. And when all the auditors are coming in, they wanna see this stuff and they expect to see it on paper. If you don't write it down, it didn't happen. It doesn't exist. Just like our notes. And you have to review this every single year to make sure that you're good. So what's the number one thing, if you get audited, God forbid, knock on wood, if you get audited, that they're gonna do? It's gonna be a risk analysis. They're gonna ask you, where's your risk analysis? 'Cause the foundation of everything else sits on that. If you don't have that, then they're gonna dig in and look at everything else. At least if you have your risk analysis, and I'm not saying only do your risk analysis, but I'm saying if you didn't do anything else, at least do this.
Because if you don't have this, they're gonna wanna look at everything else. If you do, they're gonna be like, okay, they're trying. They're making an effort. They're doing it because. And the other thing is you need to do one that really reflects what's going on in your office. Don't just have one copied from your friend or you pulled off the internet or God forbid ChatGPT, 'cause it's giving not correct information when it comes to this HIPAA stuff.
Make sure that you actually have one and it matches what you do in your office. So because policies can hurt you instead of help you. If your policies say one thing and you're doing something else, your audit's going sideways if your staff does something else, because they didn't know, they weren't trained, they weren't paying attention.
Then you're gonna be in trouble. And if technology does a third thing, so if you've got a policy says one, the staff's doing something else and your technology's doing one, you're gonna be in big trouble with the audits. So I want you to make sure that everything is congruent, everything is working together the way it should be.
So training: where good practices get burned, right? The most common assumption is my staff knows HIPAA, but the reality is maybe they don't. Have you been doing monthly HIPAA trainings? Have you done your annual HIPAA training this year? Come on. We don't have much time left before the end of the year.
You have to have that in, right, and you have to document that you did it. 'Cause if you didn't document, it didn't happen. Even if you really did do it. And you cannot go back and take your 2024, 23 old annual HIPAA training and use it now because guess what? There are all kinds of new laws that changed in 25, and that old training is very ineffective and you're not even keeping up to date.
So you have to make sure your annual HIPAA training has everything current, all the new changes that have happened this year. So what about the BAAs, Business Associate Agreements? This is a liability that nobody sees coming, right? We missed some of our vendors. Maybe you didn't mail them all out this year and get 'em signed and get 'em back from them.
Like IT support, your cloud storage, your EHR, marketing platforms. What about even referral sources like lawyers or work comp companies that are sending you patients? Those patients, you get emails from them and maybe you click a link and all of a sudden you got hacked. You gotta make sure that those BAAs not only have that agreement signed and you have a copy of it, but also you have it documented the date and the year.
Now, in the new year, you're going to need to get a new BAA signed with everybody. Make sure you're up to date and current. 'Cause security isn't just an IT issue. HIPAA expects proof of administrative safeguards, physical safeguards, technical safeguards. So yeah, the IT, you gotta do it. It's a huge one, but you have to make sure that you're not leaving file folders out, face up with patients' names on it, or your screensavers just wide open.
It's not password protected, or your files aren't in a secure location where anybody could go in there and grab some PHI. You gotta make sure that all of these safeguards are in place. And I know paperwork's boring. I don't like to do it either, but it really is the real protection because if it is not documented, it didn't happen and it won't defend you.
Just like our notes, just like the insurance companies, if you didn't write it down. And if you just have, think about this. We know everybody gets in trouble now with the copy and paste notes in the insurance. Oh yeah. Same as last visit. Same as last visit. The insurance companies are like, no, we don't accept this.
You are getting fined and give me all the money back. HIPAA is doing the same thing. So you cannot have something that's not documented correctly or not documented at all because you're not gonna be defended. So practices get blindsided because they think, oh, we thought we were covered. We meant to update that.
We didn't know that counted. Well, HIPAA is the federal government, same as IRS. They don't say that. Ignorance. Oh, you didn't know. Okay, we'll let you go. No, ignorance is no excuse. You have to do this. That's why I'm here telling you this. So your year end decision point, you got two paths forward: patch things together and hope for the best, or actually put a real system in place.
What are you gonna do? Put a real system in place, of course, do what actually works because practices that stay compliant will have structure, current tools, ongoing guidance, their annual HIPAA training, their monthly HIPAA training up to date with all the 2025 new rules, getting ready for 2026, and they're gonna have a structure of recording what they've done throughout that year and make sure that their IT is up to date too with all those security risks. So don't drag this into the next year, your next step. If you're like, oh my gosh, I have no idea what to do, I am in deep trouble, reach out. You are not alone. We're here to help you.
This is our email, Dr. Perry and I [email protected]. We will help you out. If you are like, oh, I just don't know. This is the link for the demo. It's https://go.fearlessprovider.com/demo. Go there and we'll do a demo with you, show you what you should be doing. If you have questions about what's going on currently in your office, you can ask them to us.
We're happy to help you. So that's it for Fearless Chiropractor.