Many healthcare providers understand that the healthcare environment is moving toward an electronic age, yet many are not proactively implementing proper safeguards to protect their electronic protected health information. Leon Rodriguez, Director of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), shared a variety of privacy and security subjects that should be of utmost importance to healthcare providers:
1. Healthcare providers need to conduct a thorough risk assessment. “One interesting finding that cut across a number of different providers, but was specifically the case for a number of smaller providers, was the failure to conduct risk analysis, which parallels our findings from settlement cases. That’s a fundamental process that the HIPAA security rule requires of covered entities, yet either the analysis wasn’t covered at all or it was woefully incomplete. So we’re looking at if you assessed risk, did you do it consistently?”
2. Healthcare providers must encrypt their data. “Encrypt, encrypt, encrypt! It’s absolutely the most reliable way to ensure you don’t have to send out breach notification letters and the most reliable way to protect electronic [PHI].”
3. Practices need to implement HIPAA administrative safeguards to minimize human mistakes. “Providers should focus on administrative and physical safeguards, such as how you lock your workplace. Have disciplinary policies that you live by and recognize that there are going to be human frailties; we want to minimize those consequences.”
Healthcare providers need to work with specialized healthcare counsel to conduct a thorough risk assessment, maintain appropriate policies and procedures, and effectively train staff on HIPAA-related issues.