By Aris Medical Solutions
As you know you HIPAA Compliance is not a once and done process. It continually changes and evolves as your organization grows and your technology changes. This is a reminder to review what you have in place to ensure it still adequately safeguards your data.
Here are some quick helpful tips:
- Review your Notice of Privacy Practices. Have you implemented any new technology or added any new services that needs to posted? If you have a website make sure you update your NPP there as well.
- If you have a “Contact us” or an “Appointment Scheduler” form on your website and your website is not HTTPS, we recommend placing a disclaimer advising patients not to send personal information via the form. If you do have an HTTPS site, make sure your hosting vendor understands HIPAA and review where the data is sent and stored.
- Review your Technology Equipment. Have you added any new software or hardware? Do you regularly check your firewall settings? Are you reviewing your website security to ensure it is up to date? Are you documenting your IT efforts or reviewing your monthly IT vendor reports?
- Have you reviewed your list of Business Associates to ensure you have BA agreement in place with ALL of your Associates?
- Review your Inventory list. Have you added any new equipment or have you disposed of any?
- Have you conducted your annual HIPAA training for everyone? Is it documented?
- Have you tested your Contingency Plan?
Of course we could go on and on, but hopefully this will jumpstart your thinking process! Remember, your Risk Management Plan is a living document that needs to be updated on a continual basis. As you review your compliance efforts be sure to document this in your Plan.
For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.
“Protecting Organizations through Partnership, Education, and Support”