Pathology/Lab Coding Alert

Don’t let your documents get “stale.”

Maybe the answering machine and the flip phone were cutting edge technology the last time you updated your HIPAA compliance plan.

If that’s the case, it’s time to take the plan off the shelf and blow off the dust. There’s a lot to worry about in 2017 with a kaleidoscope of ever changing technologies to make your head spin — from more sophisticated mobile devices and wireless networks to telemedicine, texting, and social media.

Here’s why you should care: “Covered entities and business associates must insulate their practices with a comprehensive compliance plan and risk analysis addressing and mitigating any applicable privacy and security risks,” says John E. Morrone, Esq, a partner at Frier Levitt Attorneys at Law in Pine Brook, NJ. “Through recent settlements, the Office for Civil Rights (OCR) has demonstrated its propensity to impose significant fines on entities that fail to implement appropriate safeguards, independent of the number of affected individuals or the content of the protected health information included in a particular breach.”

Use Our Checklist To See Where You Stand

Here’s a list of things to consider if you want to ensure your HIPAA protocols are in sync with current standards. If you attend to these items, you can avoid both practice and fiscal consequences that might adversely affect your lab:

• Designate someone as your practice security officer and define the duties
• Perform a risk analysis of your organization and identify your information assets and vulnerabilities
• Create a security training program for your staff that includes both a general HIPAA overview and position specifics related to each staffer’s responsibility
• Implement business associate agreements with partners and vendors to ensure they are meeting your compliance standards and protecting PHI
• Identify your most critical applications and the information that is essential to your lab
• Draft a disaster recovery plan that protects your EHRs should catastrophe strike
• Implement first- and multi-factor authentication controls to prevent unauthorized access to your systems
• Audit your systems, looking at access trends by both authorized and unauthorized users
• Test your media and workstations often for viruses, ensuring your software controls are updated and in compliance with current HIPAA standards
• Keep your facility and tools safe with a physical security system
• Analyze systems periodically for effectiveness of their security features
• Integrate a staff policy about taking home portable electronics that have patient information on them
• Put texting protocols into place that include encryption and a secure sign-in process for texting orders or other medical information
• Devise a thorough breach response policy that includes guidance on notification and expediency.

Reminder: If these compliance safeguards aren’t part of your current plan, it’s a good time to revisit your HIPAA policies get your lab up to date.