When it comes to getting your office compliant and maintaining that compliance, where do you begin?
- Designate a Privacy and Security Officer for your office.
  - Your office is a team, but that team needs a manager to A) create and implement the office’s policies and B) enforce those policies. HIPAA does allow both roles to be held by the same individual.
- Provide continuous security training and awareness.
  - Your employees cannot be expected to follow the HIPAA policies if they have never been properly trained.
- Establish a Workstation Use Plan to manage your employees’ access.
  - HIPAA requires you to maintain a log clearly showing each employee’s level of access to PHI.
- Review your Business Associate Agreements to make sure you are fully protected.
  - Make sure you are not sharing any PHI with a Business Associate that has not signed an air-tight agreement containing an indemnification clause.
- Perform an annual Risk Assessment to identify and address any vulnerabilities.
  - A practice can be fined for a violation it was unaware of if that violation could have been avoided had the practice done its due diligence. It is your responsibility to understand where you are vulnerable.
It is your responsibility to protect your practice by protecting your patients. The surest way to ensure you are doing this is to have the plans and policies in place, available to all employees, and continuously reinforced.