By Diane Evans
Once again, another data breach – resulting in federal fines – sends a compelling message to healthcare executives: Do what’s in your power to prevent breaches, and that entails a comprehensive risk assessment.
Risk Assessment reveals potential vulnerabilities to your data security. By identifying these vulnerabilities, you can apply proven practices to prevent data breaches – and avoid the disruptions.
The big challenge is to identify and evaluate the security of all places where data could potentially be accessed, both in electronic formats and on paper. This requires an assessment of all places where protected information is created, maintained, received, or transmitted.
Here are some things to consider:
Preparation
Do you have documented processes that will guide managers in identifying risks and assessing the security of all places where private information may be accessed.
You will need:
❑ Mapping and inventory processes
❑ Workflow Analysis
❑ Risk Assessment processes and documentation
Assignments
Do you assign specific duties to managers to evaluate their respective departments for risk, and set deadlines for completing reports? Keep in mind:
❑ Program Assessments
❑ Building Assessments
❑ IT Assessments
❑ Training Assessments
Remediation
Do you act quickly to address bad practices that pose high risks? Focus on high risks with the greatest potential for disruption as you:
❑ Prioritize
❑ Evaluate
❑ Act
Action Item for Long Term Care Executives: Read about best practices for preventing cybercrime on the federal government’s website.
#HIPAA Compliance
#Risk assessment under HIPAA
#Data management for long-term care
#Data security best practices for long-term care
About the author
Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care. Diane can be reached at devans@guardededge.com. She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association.
Comments