(586) 498-0600
12
Sep
2018

How To Do A HIPAA Risk Assessment – Part 2

September 12, 2018
, ,

Now that you know what a HIPAA Risk Assessment is, let’s start with the basics.

To get compliant and avoid substantial fines, you need to know where your protected health information (PHI) is stored, accessed, transmitted and used.

We can help your practice get up to date and prepared to minimize breach risks from employees and third-party vendors. Subscribe to stay current and up to date on important matters that will impact your practice.  (To subscribe to our blog ).

To do this, it is imperative to create a complete inventory of devices at your practice. The OCR will require this inventory if your practice is audited.

Inventories are especially important if your staff is able to access PHI on mobile devices, such as laptops, tablets and cell phones.

What should be included in your inventory?

An inventory should be a comprehensive list of  all hardware used, or that could potentially be used, to access, store or transmit PHI. For each device, the HIPAA Privacy and Security Officers should keep a list of the:

  1. Name of the employee(s) using the device;
  2. Type of the device;
  3. Make of the device;
  4. Model of the device;
  5. Serial number of the device; and
  6. Mobile Equipment Identifier (MEID) of the device, if applicable.

All hardware needs to be inventoried.

This includes: computers, laptops, printers, copiers, fax machines, cell phones, cameras, storage devices, tablets, etc.

And remember, once isn’t enough...

Inventories must be updated regularly, and policies need to be in place that require staff members to report any and all new devices to your HIPAA Privacy and Security Officers.

If a staff member leaves your organization, there must be verification that all computer equipment, software and mobile electronic devices have been returned to avoid potential breaches and OCR fines.

We can help you create a HIPAA risk assessment and a comprehensive compliance plan. Contact us today!

Come back next week for Part 3 of this 5-part series!

We publish vital information on health law topics and news every Wednesday and Friday. To get this important information delivered directly to your mail box, click here to Subscribe.

P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.

 

 

Related Posts

October 19, 2021

Should You Continue to Offer Telehealth Appointments?

, ,
October 5, 2021

Can You Trust Your EHR Tech?

, , ,
September 28, 2021

Do you know about HIPAA subpoenas?

, ,

Categories

Recent Posts

Ransomware: To Pay or Not To Pay?
September 19, 2023
What is Estate Planning?
September 14, 2023
Fake Healthcare Bill Collection?
September 5, 2023
Do I Need an Estate Plan if I Have POD Beneficiaries?
August 31, 2023
Is Michigan a Community Property State?
August 24, 2023

Subscribe

Subscribe to Our Newsletter

Subscribe and get your FREE copy of Easy Guide to HIPAA Risk Assessments

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment. (an $8.99 value)

Thank you for subscribing to the Rickard & Associates healthcare blog. You'll receive a confirmation email shortly. After verifying your subscription request, you'll be sent to the "Easy Guide to HIPAA Risk Assessments" download page.