What practices do you have in place to prevent HIPAA violations? Are you following HIPAA Rules effectively?
Most practices dive in, set up a plan, and continue with a “fingers crossed” strategy, hoping they’re doing enough to get by. It works … sometimes. Yet since its inception, over 361,498 HIPAA complaints have been filed, with penalties reaching $142,663,772.
HIPAA guidance can seem overwhelming. You have policies in place, but are they enough? Where do you start?
Sometimes the best place to start is to find out where you can go wrong. There are many different types of HIPAA violations, but the most common include:
- Snooping on healthcare records
- Failure to perform an organization-wide risk analysis
- Failure to manage security risks
- Denying patients access to health records
- Failure to enter into a HIPAA-compliant business associate agreement
- Insufficient PHI access controls
- Failure to use encryption to safeguard PHI on portable devices
- Exceeding the 60-day deadline for issuing breach notifications
- Impermissible disclosures of protected health information
- Improper disposal of PHI
Reading that list, do you see problems in your own strategy?
How To Protect Data From HIPAA Violations
What do all of the common HIPAA violations share? Every one of them involves data handled incorrectly. It’s your biggest weakness. It’s your biggest risk.
It’s also where you start making your practice more secure. A few practices to start with include:
Regular Staff Meetings
HIPAA requires training for all team members who handle PHI. Employees should receive initial training on the practice’s policies and procedures. Periodic refresher training should be part of ongoing regular operations to build a culture of compliance and awareness. Use the list of common HIPAA violations above as your checklist, so you cover each of them with employees and confirm they understand how to keep data secure.
Security Risk Analysis
How well are you protecting your data today? You can’t control what you don’t know, and what you don’t know is exactly what leaves you at risk. Risk assessments and periodic audits help identify vulnerabilities and gaps in security protocols. Each risk assessment should cover all systems, processes, and policies for handling PHI. This is an easy area to ask for help with; a security team with HIPAA knowledge can make sure you’re evaluating your systems and processes effectively.
Safeguard PHI
How is your administration overseeing security measures and safeguarding PHI? This must cover policies and procedures for handling data at every level, including:
- Security management
- Workforce security
- Information access
- Security awareness and training
- Security incident procedures
- Contingency plans
- Evaluation
- Business associate agreements
Where’s Your Risk?
Employees are often your biggest risk. They may be performing their jobs with incorrect administrative procedures, or gaining unauthorized access to data records. They lose digital devices or have them stolen, or dispose of old devices incorrectly. Hackers do cause their share of criminal activity, but it is lower on the list.
If you want to ensure protection, start with your employees. Data protection begins with a more secure office space, and it helps everyone do their jobs a bit better.
Need help shoring up your security? Want to ensure your data is safe from HIPAA violations? We can help.
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology, 360-450-4759.