By Diane Evans
The new year presents a good time to pinpoint any gaps in your data security program as required under the Health Insurance Portability and Accountability Act (HIPAA).
A good place to start is with a high-level self-evaluation of data security essentials, based only on what you currently know for sure. Here are key points to consider:
Have you designated a Privacy and Security Officer who has adequate time and sufficient training and/or experience to oversee an effective compliance and data security program?
Has your organization adopted a complete set of security policies as required under HIPAA?
Do you periodically conduct a compliant risk assessment, taking into account all places where data is maintained, created, received and transmitted?
Do you have Business Associate Agreements in place with all third-party contractors or vendors with potential access to confidential information entrusted to your organization?
Are you adequately training staff in breach prevention, with training aligned to levels of job responsibilities?
Do you have breach reporting processes in place, so that staff at all levels know the signs of a privacy or data breach – and know immediately how to report suspicious activity?
For extra help: Download our complimentary 14-Point Risk Assessment Survey available from the top of our homepage at www.guardededge.com.
About the author
Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care. Diane can be reached at devans@guardededge.com. She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association.