Is your medical practice following current HIPAA compliance guidelines? Keeping track of current regulations is challenging and time consuming. But disregard for mandatory patient privacy laws can bring costly violations, fines, and penalties if a breach occurs. The following checklists outline important steps that organizations must take to secure Protected Health Information (PHI). Keep these checklists on hand to help keep your practice compliant.
Administrative Safeguards
- Conduct an accurate and thorough risk assessment.
- Implement security measures that address and reduce all known and assessed risks.
- Sanction employees who fail to comply with security policies and practices.
- Review activity of information systems such as audit logs and access reports.
- Designate a security officer responsible for developing and implementing security policies and practices.
- Write practices that prevent unauthorized workers from accessing PHI while ensuring appropriate access levels for authorized workers.
- Enact practices that provide methods of authorizing access to PHI and supervising employees who work with PHI.
- Terminate employee access to PHI at the conclusion of employment or as otherwise necessary.
- Mandate training for all employees regarding PHI security awareness.
- Ensure that security updates take place as needed.
- Monitor log-in attempts.
- Manage passwords effectively.
Physical Safeguards
- Limit physical access to facilities housing electronic information systems.
- Implement a security plan to prevent unauthorized physical access to facilities and equipment.
- Maintain documentation of all repairs and modifications to the physical components related to the security of a facility. & & Stay Compliant 13
- Enact policies for appropriate workstation use and physical security.
- Write policies for the receipt, removal, internal movement, and disposal of hardware and electronic media containing PHI.
- Maintain records of the movements of hardware and electronic media containing PHI that document any personnel involved.
Technical Safeguards
- Implement technical policies that allow access only to authorized persons.
- Assign each employee with a unique username or number.
- Establish policies for gaining emergency access to PHI.
- Implement automatic logoff procedures.
- Establish mechanisms for encrypting and decrypting PHI.
- Utilize mechanisms that prevent improper alterations to or destruction of PHI.
- Record and review activity in systems containing PHI.
- Create audit controls that ensure that PHI has not been improperly altered or destroyed.
- Verify the identity of individuals or entities seeking access to PHI.
- Transmit PHI utilizing secure technology.
With instances of data breaches on the rise, all organizations that handle PHI must take necessary steps to protect sensitive information. Our new HIPAA Compliance e-book explains and outlines best practices to protect your office from security vulnerabilities that could lead to HIPAA violation. Download it today.