A colleague recently shared a news release about a physicians’ group that was hit with a $500,000 fine. The fine wasn’t a result of fraud, a misfiled prescription, or malpractice, as one might expect. Instead, the physicians’ group simply failed to have business associate agreements in place.
This led me to wonder two things. First, how common is it for people to go through eight or more years of school to become a doctor without fully understanding HIPAA? And second, if practitioners realize the importance of protecting patients, do they understand what they can put in place to protect themselves as the practitioner?