Think You're HIPAA Compliant? Think Again.
Ten Examples of Things Often Missed...
1) Do you keep a New-Hire/Termination Log?
A log of all your employees, when they were brought on, and when they left the company. Included should be the HIPAA steps that need to be followed when a new employee is hired or an employee leaves.
2) Where is your Training Log?
Do you have a log of when each employee was trained on HIPAA rules related to their position and what they were?
3) Do you have a Sanctions Log?
All violations of ePHI and other HIPAA violations must be documented, along with the corrective measures taken in each instant. Without this you are open to liability.
4) Where is your ePHI Breach Response Plan?
You must have a policy & procedure document showing your response when ePHI has been breached, and your employees aware of it.
5) You must have a HIPAA-Qualified SRA
Many healthcare businesses ask their I.T. people if they have had an SRA (Security Risk Assessment). This is a general term in the I.T. world so they may honestly believe you've had one. But there are much more specific things involved in an SRA for HIPAA Purposes. It must cover not only technology, but administrative and physical security issues.
6) Is your server room secured properly?
Many facilities have a lock on their server room, but is the entry access unique from access to areas for employees or vendors who should not have server access? Does your server share space with people or equipment it shouldn't? If either of these is unsure, then ePHI is improperly protected.
7) Do you have a Firewall device?
HIPAA standards for protecting your data cannot realistically be met without a firewall. These devices help protect your network from intrusion and regulate all incoming communications. They must be set up properly with the correct settings.
8) What is the length of time you've set for your workstation password expiration?
Yes, your passwords must be correctly 0set to expire.
9) Are all of your PC and server drives encrypted?
All drives on all machines must be encrypted, with users trained to keep it that way.
10) These are just a few points...
While these points are some biggies we often see, there are many more standards. We know what a headache this can be for someone trying to focus on the business of healthcare. That is why we will handle this for you, and integrate the standards smoothly into your natural workflow so as to become second nature.
See also: How Much Risk is Your Practice Facing?
Serving Houston and surrounding areas: Angleton, Bellaire, Brazoria, Clute, Danbury, Freeport, Jones Creek, Lake Jackson, Oyster Creek,
Pearland, Richwood, Rosharon, Sugar Land, Sweeny, West Columbia.
DSTech Solutions, LLC | 703 Avondale Street, Houston, TX 77006 | Hours: Mon-Fri 8am-5pm (24 hour Emergency Response for MSP clients) | 832-975-1825 | [email protected]