Look at this handy guide to put a new spin on your compliance plan.
HIPAA compliance covers every aspect of patient interaction from front desk faux pas to mismanaged monitoring devices. If your plan doesn’t encompass your whole office dynamic, then it might be time for a do-over.
Why this matters: “Covered entities and business associates must insulate their businesses with a comprehensive compliance plan and risk analysis addressing and mitigating any applicable privacy and security risks,” says John E. Morrone, Esq, a partner at Frier Levitt Attorneys at Law in Pine Brook, NJ. “Through recent settlements, OCR has demonstrated its propensity to impose significant fines on entities that fail to implement appropriate safeguards.”
Ensure your HIPAA protocols are in sync with current standards to avoid both practice and fiscal consequences. Peruse the following checklist and guarantee that you’ve got these bases covered:
-
Designate someone as your practice security officer and define the duties.
-
Perform a risk analysis of your organization and identify your information assets and vulnerabilities
-
Create a security training program for your staff that includes both a general HIPAA overview and position specifics related to each staffer’s responsibility.
-
Implement business associate agreements with partners and vendors to ensure they are meeting your compliance standards and protecting PHI.
-
Identify your most critical applications and the information that is essential to your office.
-
Draft a disaster recovery plan that protects your EHRs should catastrophe strike.
-
Implement first- and multi-factor authentication controls to prevent unauthorized access to your systems.
-
Audit your systems, looking at access trends by both authorized and unauthorized users.
-
Test your office media and workstations often for viruses, ensuring your software controls are updated and in compliance with current HIPAA standards.
-
Keep your facility and tools safe with a physical security system.
-
Analyze systems periodically for effectiveness of their security features.
-
Integrate a staff policy about taking home portable electronics that have patient information on them.
-
Put texting protocols into place that include encryption and a secure sign-in process for texting orders or other medical information.
-
Devise a thorough breach response policy that includes guidance on notification and expediency.
Reminder: If these compliance safeguards aren’t part of your current plan, it’s a good time to revisit your HIPAA policies and train your staff accordingly.