HIPAA compliance can be tough. However, with a variety of data security worries on the minds of many, it has never been more important, as the penalties for HIPAA violations are expensive. For instance, it cost two organizations nearly $2 million when two laptops were stolen, and Parkview Health had to pay $800,000 in noncompliance fines, according to Health IT Outcomes.
"Healthcare organizations are familiar with risk management," Eric Cowperthwaite of Core Security told the source, "but they aren't necessarily thinking about how they're going to be attacked. You may have a vulnerability management program. But the question is 'How do you know which vulnerabilities matter? How do you know which possible attacks are likely - or not?'"
HIPAA exists to protect sensitive medical information from exposure. With the volume of healthcare records growing and rapidly moving toward electronic storage, it is crucial for organizations to follow HIPAA and keep their codes and procedures on track.
Here are three tips for organizations looking to be HIPAA-compliant:
1. Keep employees updated
Slip-ups most commonly come from people who are unaware of procedures. Workers' performance should therefore be monitored, and their knowledge of HIPAA compliance should be tested frequently. Training on tactics and procedures is essential for those starting out in the company. Diagnostic Imaging notes, however, that even thorough training within the enterprise is no guarantee of protection against state privacy claims.
2. Report and respond appropriately
Any suspected breaches should be reported immediately, according to Diagnostic Imaging. HIPAA requires that any breaches or complaints be investigated by a private entity, and companies should prevent information from being compromised if the first breach attempt was unsuccessful. After an attack, a firm should review its policies and training to determine whether any deficiencies caused the breach.
3. Document and be timely
The source added that if a breach is reported late, the organization itself could be held partly responsible for the compromise of information. HIPAA states that failing to take the initiative to disclose information about a breach can itself lead to violations. Additionally, any action taken before and after a breach should be well documented; HIPAA requires healthcare companies to keep certain documents on file for six years.
These tips can help businesses face breaches more easily and become HIPAA-compliant. While healthcare organizations may face greater restrictions on how they file their data and keep their information organized, HIPAA compliance keeps sensitive documents safe for patients and employees alike.
David Bailey is Senior Vice President at Protected Trust.
Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well-rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day-to-day efforts. Check them out here.