Is your website HIPPA Compliant?
Hopefully if you are reading this you are already familiar with what HIPPA compliancy means and how important it is from both a security and privacy standpoint to maintain these strict guidelines. With the rise of HIPPA litigation it’s never been more important to pay attention to a subject that was easily overlooked in the past.
Since most health care related documentation has been digitized, this has increased the realm of opportunities for this sensitive data to be exposed. It is generally considered common practice to have a HIPPA policy and perhaps a full-time HIPPA compliant officer on staff. Unfortunately this is too important of a matter to delegate the full responsibility.
In general, the following list lays out what you need to be concerned about.
- Information regarding the 6 annual audit/assessment requirements
- Documenting gaps found in the above audits/assessments
- Plans to repair the gaps found
- Marinating staff HIPPA training standards
- Are your HIPPA Policies and Procedures inline with the current HIPPA
Privacy, Security and breach notification rules
- Is your list of Vendors and Business Associates complete
- Identifying your procedures for breaches or incidents
There are two assessments that need to be performed annually, they are the Security Risk and Privacy Assessments. You’ll also need to perform these audits, HITECH Subtitle D, Security Standards, Asset and Device, and the Physical Site audit. Once the audits/assessments have been performed you’ll want to properly document any shortcomings found.
After documentation it is important to immediately begin addressing the issues. When doing this it is imperative to verify that all remediation methods are up to date.
Once any issues have been resolved you’ll need to make sure employees are trained and kept updated to current standards. This is also a great time to begin delegating some of these responsibilities to an in-house Compliance, Privacy or Security officer. In turn the Compliance officer should be able to make sure all the legal issues are taken care and maintaining the proper documentation.
Unfortunately you not only have to be concerned with how you handle the sensitive data, but how any of your vendors or associates entangle with you. Having proper business agreements and performing due diligence can help prevent issues. It is just as important though to have policies in place for what happens if there is a breach.
If an issue arises having the plan to deal with it in place can alleviate the stress involved of reporting. It can also be seen as encouraging to allow staff to anonymously report any suspected areas of concern. HIPPA violations are never something that is better to deal with after the fact. If you can prevent them that is the way to do it.
According to the Department of Health and Human Services there appears to be a trend in HIPPA complaint filings. See the graphic below.