Every week brings another story of a healthcare provider caught up in a data breach. Did you know that nearly half of all data breaches now occur in healthcare? That attacks by hackers on providers are up more than 100% since 2010? That a typical breach of patient data costs $6.5 million in liability and enforcement fines?
There are three basic steps every organization should take to be HIPAA compliant:
1) Conduct a Risk Analysis - A Risk Analysis is the first requirement of the HIPAA Security Rule, and it is also a core requirement for Meaningful Use. A Risk Analysis provides a map to HIPAA compliance. Every organization subject to HIPAA must conduct a Risk Analysis and remediate the gaps it identifies. Failure to conduct the Risk Analysis is a major HIPAA violation, subject to fines and loss of Meaningful Use incentives.

2) Implement HIPAA Documentation - Every medical practice is required to have up-to-date HIPAA documentation, including policies and procedures, Business Associate Agreements, and the Notice of Privacy Practices. Few providers realize that this documentation must be updated to reflect the requirements of the HIPAA Omnibus Final Rule of 2013. Note that documentation is included at no additional charge with Continuous Monitoring.

3) Complete HIPAA Training - Every staff member who comes into contact with Protected Health Information must complete HIPAA Workforce Training annually. This brief, affordable training helps staff understand the law’s requirements and provides practical advice on preventing breaches. The law also requires every covered organization to designate a Security Officer, a staff member who helps to ensure compliance. This individual should complete more comprehensive HIPAA Security Officer training.
Please feel free to contact us with any of your HIPAA questions or support needs: