OUM Chiropractor Insights

Bulletproof Your Practice with HIPAA Safe Harbor (PART 1)

Written by OUM Risk Management Expert | Sep 13, 2022 7:23:31 PM

Occasionally, there is good news about compliance and risk. Good news came to every licensed healthcare practitioner in the nation on January 5, 2021, when the HITECH Act was amended with the new HIPAA Safe Harbor Law (HR 7898). This change created safe harbors under the law, but only if acted upon by the healthcare professional to protect themselves and their practice.

Here is what it means for you, and why it is not too late to protect yourself under this law’s safe harbors. It is important to note that while this law does not have a true safe harbor in the most technical sense, it is as close to one as you will find.

If you’re licensed in the healthcare field, there are certain things you have to do for twelve consecutive months to ensure that you and your practice are safe from incurring HIPAA fines, or worse. You may have already taken action regarding HR7898, and the change on January 5, 2021 without batting an eye. If so, you now enjoy certain protections from HIPAA fines.

However, if you have not acted, now is the time. Under federal HIPAA law, you do not have to do every single thing that can possibly be done, but you must document what steps you are taking to meet each individual standard under the HIPAA requirements. A small practice might not be able to afford to do certain things a larger practice or corporation can do, but that is okay. If there is still a good faith effort, and it is documented, you can rest easier right away. But it must be documented.

This is what we mean by making your practice bulletproof from HIPAA fines, the easy way. The formula is simple. It is one part good faith effort and one part documentation of that effort. The more you do, the stronger the case, and the easier it is to defend yourself if needed.

What does that look like practically for most practitioners? If you have a great HIPAA program in place and you document that you are also doing something a little extra, you are likely to be in great shape. A complete, basic HIPAA program, that is installed correctly and maintained completely, already covers the vast majority of what is needed to meet the requirements under this new law.

Ready for more good news? You do not have to meet all of the safe harbors in this new law to have a good, defendable position, either. However, the more safe harbors you meet, the stronger a case can be made that you’re doing your best and that you have a true, documented good faith effort, which typically makes the fines go away. You bulletproofed your practice.


In Part 2 of this article, we discuss in detail the two aspects of having a compliant HIPAA program!

If you are not insured with OUM, fill out our online form to get a no-obligation quote!

This article was written by Dr. Ty Talcott, one of the top experts on HIPAA regulations in the chiropractic profession. Visit his website at www.drtythecomplianceguy.com to learn more about his products and services.

“OUM” and “OUM Chiropractor Program” do not refer to a legal entity or insurance company but to a program or symbol of a program underwritten, insured, and administered by ProAssurance. The information contained on the OUM Chiropractor Blog does not establish a standard of care, nor does it constitute legal advice. The information is for general informational purposes only. We encourage all blog visitors to consult with their personal attorneys for legal advice, as specific legal requirements may vary from state to state. Links or references to organizations, websites, or other information is for reference use only and do not constitute the rendering of legal, financial, or other professional advice or recommendations. All information contained on the blog is subject to change.