Tip: Tighten your HIPAA security policies and procedures
HIPAA Weekly Advisor, December 26, 2008
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Providence Health & Services in Seattle is paying the price for violating HIPAA. A $100,000 resolution agreement is only the beginning. Implementing a corrective action plan to ensure its security program meets the letter of the law will cost them even more. So what can you do to make sure your facility has its HIPAA security checks in place and avoid an audit, monetary fines and public scrutiny?
For starters, consider these tips offered by Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA, and John Parmigiani, MS, BES, president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD:
Have a strong termination policy. When an employee is terminated or leaves your facility, completely suspend their access privileges.
Create a policy and procedure. “Lawyers would say having a policy and looking the other way is worse than not having a policy at all,” Borten says. It may be less defensible than not having a policy at all. “If you have policies, and you don’t practice them, you’re setting yourself up for a greater fall,” Parmigiani says.
Encrypt all information on the Internet. If it isn’t encrypted, the information has the potential to be exposed, Borten said.
Always be prepared. “Just because you got through 2008 and didn’t get dinged, they are looking at these over a period of years,” Parmigiani says. “You really have to be on your toes and make sure you constantly are audit-ready.” Do your own internal audits to keep on top of potential risks, he recommends.
Editor’s note: These tips were adapted from an article in the January issue of Briefings on HIPAA. For more tips, see next week’s edition of HIPAA Weekly Advisor.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Comments
0 comments on “Tip: Tighten your HIPAA security policies and procedures ”
Related Products
Most Popular
- Articles
-
- HIPAA Q&A: Flu shot requirement for hospital employees
- Running an effective peer review committee meeting
- HealthDataInsights posts new issues for medical necessity claims
- Sneak Peek: Effort underway to establish caseload benchmarks
- Q/A: Coding for telescopic intraocular lens
- New FAQ posted on storing laryngoscope blades
- Tip: Perform your own internal investigation prior to government audit
- HIPAA 5010 deadline extended, but threat remains, says AMA
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- E-mailed
-
- Running an effective peer review committee meeting
- HIPAA Q&A: Flu shot requirement for hospital employees
- HHS task force: Consider privacy, security with text messages
- What does case-mix index mean to you?
- Q/A: Coding for telescopic intraocular lens
- Q/A: Correct use of modifier -PT
- Tip: Correctly code bilateral pain management procedures
- "Wall fountains" may be spreading Legionnaires to patients, visitors
- 2012 CPT code changes for ASCs: Shoulder and knee scopes and pain management
- COT basics to best
- Searched