There is widespread resentment among healthcare providers about the Health Insurance Portability and Accountability Act (HIPAA). Many physicians that I have come across find the law redundant and somewhat insulting. Confidentiality and patient privacy, they say, have always been inherent in any doctor-patient interaction and are a fundamental pillar of practicing medicine.
That said, most of you are probably unaware of the bigger picture, as the government has done little to address misconceptions about the real aim of this law.
The government doesn’t want to manage your relationship with your patient; it only wants to ensure that valuable patient health information (PHI), especially financials, doesn’t fall into the hands of organized criminal elements who threaten to jeopardize the financial system.
I’m sure you’ve heard about credit card scams, stolen social security numbers and the devastating effects such events can have on the actual owners. Imagine some hacker breaking into your Amazon account, and using the details to max out your credit card. You’d expect Amazon to protect that data, wouldn’t you?
It is not much different with your patient’s insurance information, social security and credit card numbers in your possession. The patient expects them to be protected with the utmost care. This PHI is of great value to thieves, and the negligence of practices could result in losses worth millions of dollars; losses that the government is committed to avoid.
The HIPAA Laws are a reality, as are the fines and penalties for noncompliance. Opposing the law will get you nowhere, and with the HIPAA audit fast approaching, the prudent approach would be to endorse it.
What if I don’t comply?
The government is starting phase 2 of HIPAA audits from October 2014, and a reply will be sought within two weeks of the official notification. Moreover, the audits will be random, so anyone can be first.
A fine of $100 for an unknowing violation of HIPAA, $50,000 for a violation due to willful neglect (with no correction), an annual maximum penalty of $1.5 million for falling short on HIPAA compliance, and the return of government incentive money earned through meaningful use are only some of the penalties and fines your practice could face.
How should I comply with HIPAA?
Now that you’re better equipped with the rationale behind the law’s implementation, i.e. the government needs your support in keeping this information safe, the question is how you should go about it.
Firstly, you need to adopt safe mediums for storing and transmitting such information. Certified EHRs allow you to exchange encrypted information with relevant stakeholders. Thus, it is worthwhile to invest in this technology, as it is much safer than simply storing information on your computers or in file cabinets.
If you decide to buy an EHR, don’t cut costs by buying free or low-cost EHR systems whose business model revolves around sharing patient data for grants and bursaries. By investing a little more you can get a much better product and an ironclad agreement that you are the sole owner of your data and that its safety will be legally binding on your Electronic Health Records (EHR) vendor.
Secondly, the government requires you to have a dedicated HIPAA officer at your practice. You also have the more cost-effective and efficient option of hiring a trained HIPAA consultant to meet this requirement.
If you plan on outsourcing HIPAA compliance to a consultant, organizations such as CureMD provide highly cost-effective and extremely efficient solutions. They have HIPAA compliance programs that handle everything from online vulnerability assessments and risk analysis to administrative, physical and technical safeguards for your practice.
If you choose to handle the process yourself, you need to be prepared for the audit right away and have all your documents in order and updated. Moreover, any equipment that transmits or stores PHI needs to be cataloged, internet firewalls and security need to be ensured, and certain data needs to be encrypted, all as required by HIPAA laws. Download the checklist below to gauge your readiness for the HIPAA audit.