5 Tips for HIPAA Compliance
HIPAA has been a buzz word in the medical industry for the past few years now. Hopefully this is old news to you, but are you sure that your practice is doing everything it needs to do to follow HIPAA compliance? It’s easy to turn a blind eye when repercussions don’t seem imminent. However, the last thing you want is to be caught with a violation – these penalties can be expensive, up to thousands of dollars. Is your practice protected?
Have your employees been trained properly?
Providing training to your employees ensures that everyone knows what information may and may not be shared, and how to share it. Does your front office staff make sure they shred documents with protected patient info, or do they end up in the trash? Office chit-chat regarding patient medical information should be avoided, especially in front of patients. Even cell phone use in the office can be a risk.
Do you have anti-virus and firewall set up?
Investing in a quality, paid, business-grade anti-virus software and firewall will help keep your network secure. Of course, no setup can ever guarantee you 100% protection, but a good anti-virus and firewall will help safeguard your data and prevent malicious attacks and viruses. DTC offers business grade anti-virus software and firewall to help protect your patients’ data, letting you focus on running your practice.
Do you have a plan in place in case of a data breach?
Anything from a hacker, ransomware, cyber attack, or stolen computer can cause a data breach. For breaches that involve more than 500 patients, there is a whole list of actions you must take. Making sure you have a solid IT provider can help you prevent breaches from occurring in the first place. In addition to anti-virus and firewall protection, our cloud-based solutions and disaster recovery services provide you with a daily image of your server, so that in the event of a breach or system failure, your data will be securely recorded to get you back up and running as soon as possible.
Do you know where information sent via email ends up?
Using an encrypted email service is a necessity to help protect patient information. If you’re using a free email service, it is likely that your emails are not protected according to HIPAA standards. Sending sensitive information over the Internet is risky! Using an encrypted email service makes it easy for you to protect the content of your emails as they are sent. DTC offers encrypted email services to meet your practice’s security needs. These email services are HIPAA compliant and make sure that your messages are encrypted from the moment you hit “send.”
Do you have Business Associate Agreements (BAAs) in place?
A BAA is a written arrangement that specifies responsibilities when it comes to PHI. Anyone – individual or business – that works with your business and has access to PHI is considered a business associate and must sign a BAA. Anyone from your IT company to your email service provider can be considered a business associate – if they can interact with PHI, they should sign a business associate agreement. For more information, read Health IT Security’s breakdown of the HIPAA Business Associate Agreement.