You know that your company must be HIPAA compliant, but doing only enough to achieve and maintain compliance can still leave you exposed when things go wrong. Some of the practices below directly affect HIPAA compliance; most are simply good business. Here is a list to keep your company ahead of the curve:
- Cyber security is at the top of the list for HIPAA compliance. Storing and handling protected health information (PHI) carefully is critical to maintaining the confidentiality and privacy of your patients. Your company should have the basic security controls in place: encryption of PHI at rest and in transit, strong password policies, user authentication, and backup copies of data that survive a fire or other emergency. If you haven't already, consider keeping a copy of PHI in a private cloud so that fire or water damage to your office does not take your only copy with it. Check that the cloud provider will sign a business associate agreement (BAA) before any PHI goes there.
- Plan to destroy information: Your company should have a written plan for destroying information safely and securely so that documents and storage media don't end up in the wrong hands. Cover both paper (shredding) and digital media (wiping or physical destruction of drives and backup tapes, not just deleting files). Maintain a secure chain of custody, with a certificate of destruction, whenever material is handed to an outside entity for removal and destruction. Notify all employees of any updates to the company's plan for removing and destroying digital and hard-copy records.
- Employee screening and training: All employees should go through the same basic screening process, including background and reference checks. Grant each employee access only to the information they need to perform their job, and remove that access promptly when their role changes or they leave. Keep PHI away from employees who do not need it, and routinely review access logs for PHI systems to confirm the data has not been accessed by an unauthorized user.
- Back-up plan: It's important to maintain security and privacy for your documents, but it is extremely unwise to assume that information will never be destroyed by accident, lost to hardware failure, or hacked. A contingency plan is essential to minimize the damage. Keep copies of critical records at an outside facility so the business can keep running if something happens to your in-house computer system, and test restoring from those copies periodically; an untested backup is not a backup. Train employees on how to handle an emergency, and make sure the procedures and policies are easily accessible to all employees.
Maintaining compliance is important, and many of the compliance strategies for HIPAA and PCI are also simply part of running a good business. For more information on how to keep your office HIPAA compliant, contact us today.