Do you keep good records?  When asked that question my mind races to the Federal Income Tax due date, April 15th and I get a knot in my gut.  I think of sorting through a box of receipts late at night feeling very rushed, tired and frustrated.  Each year I set the goal to be better organized for April 15th, but my life is far too busy to allow me to dedicate the time to organizing a solution.

In my business life, however, I do quite well, thank you!  I maintain good records and well-organized files.  I know that good records increase my responsiveness to my customers and prospects, leading to increased business.  They also protect my business and livelihood in the event of an adverse incident.  Although hard to quantify, I know there is a clear ROI to keeping good business records.

Businesses today have extensive record management challenges, especially healthcare practices.  Typically last on the list of such priorities, just like my federal taxes, is HIPAA compliance. It shouldn’t be though, and you should really invest in addressing it.  You need to build a “Body of Evidence” (BOE) which documents your efforts to continually improve your HIPAA compliance.

The BOE provides the “proof” that you are protecting your patients’ protected health information (PHI), ultimately protecting your practice’s cash flow and valuation.  These records are required by federal regulations.

Study after study shows that a top threat to your practice is theft of PHI.  A recent report stated that 89% of the healthcare companies surveyed were victims of a cyber breach in the past two years!  Forty-five percent of them had experienced more than 5 breaches.  Those are pretty poor odds from the standpoint of the practice owner.  If you are breached, the OCR will audit you.  The audit notice will state you have 20 days to respond, providing your BOE.  If you don’t have the BOE, you can be subjected to substantial fines and remediation costs.  Cyber-breach insurance, which is getting harder to purchase and more expensive, may not pay if you don’t have proof (the BOE) that you were taking the proper steps to protect your business.  It is estimated that only 30% of healthcare companies have breach insurance.  There are several cases where insurance companies are actually clawing back awards since the practices didn’t take adequate precautions.

One thing is clear: there is an ROI for maintaining your practice’s HIPAA compliance and BOE.  First and foremost, it maintains and strengthens business valuation.  If you are breached, it will provide a defense against fines, lawsuits and negative social media.  So move the BOE up on your list of priorities.  It will pay off in the long run!