Over the course of its day-to-day operations, every organization acquires, stores, and transmits Protected Health Information (PHI), including names, email addresses, phone numbers, account numbers, and social security numbers.
Yet the security of each organization’s PHI varies dramatically, as does its need for compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Organizations that meet the definition of a covered entity or business associate under HIPAA must comply with requirements to protect the privacy and security of health information.
Noncompliance can have devastating consequences for an organization, including:
• Civil violations, with fines ranging from $100 to $50,000 per violation
• Criminal penalties, with fines ranging from around $50,000 to $250,000, plus imprisonment
All it takes is one security or privacy breach. As breaches of all kinds continue to rise, this may be the perfect time to evaluate the health of your organization’s HIPAA compliance. To stay in compliance and minimize your risk of a breach, your organization should have:
• An up-to-date and comprehensive HIPAA security and privacy plan
• Comprehensive HIPAA training for employees
• Staff who are aware of all PHI categories
• Sufficiently encrypted devices and strong password policies
If your organization doesn’t have these safeguards in place, it’s time to start preparing for the worst — and undergo a HIPAA health check.
HIPAA Health Check: A Thorough Diagnosis
Organizations need to understand what they already have in place and where they need to bolster their practices. We recommend a variety of fact-finding methods and tools, including (but not limited to):
• Administrative, technical, and physical risk analyses
• Policy, procedure, and business documentation reviews
• Staff surveys and interviews
• IT audits and testing of data security
Once you have diagnosed your organization’s “as-is” status, you need to move your organization toward the “to-be” status — that is, toward HIPAA compliance — by:
• Prioritizing your HIPAA security and privacy risks
• Developing tactics to mitigate those risks
• Providing tools and tactics for security and privacy breach prevention and minimization
• Creating or updating policies, procedures, and business documents, including a HIPAA security and privacy plan
Because each organization is different, there are many factors to consider as you go through these processes and customize your approach to your organization’s HIPAA-compliance needs.
The Road to Wellness
An ounce of prevention is worth a pound of cure. Don’t let a security or privacy breach jump-start the compliance process. Reach out to us for a HIPAA health check. Contact us if you have any questions on how to get your organization on the road to wellness.