How well do you trust your compliance efforts?

 

By Aris Medical Solutions

compliance board game

HIPAA encompasses many aspects. Risk assessments, risk management, and your policies, procedures, documentation are the backbone of compliance.

Most medical providers don’t think about compliance until they are audited. By that time it is too late to mitigate any issues that you may have. The main misconception is that “it will never happen to me”.

A random audit is possible but relatively a low probability. A compliance audit is typically initiated by a disgruntled employee, a patient that feels their privacy has been violated, or a data breach. Once the HIPAA violation is reported then the Office for Civil Rights (OCR) will determine if the complaint will need to be investigated. If it does, depending on the documentation that you provide, will determine whether or not a desk audit will be issued. This is where your policies and procedures are critical. If your employees understand what they need to do, how to do, and what needs to be documented, your chances of a desk audit is greatly reduced. The OCR understands that people make mistakes, but if you don’t learn from them, they will fine you heavily!

Note to self… if you recognize a problem, address it, correct it, and learn from it.

You can survive a audit with proper documentation!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data click here call 877.659.2467.

“Protecting Organizations through Partnership, Education, and Support”

Updating your Contingency Plan

 

By Aris Medical Solutions

HIPAA Disaster

Contingency Planning is more than just a power outage or how to backup and restore your data. A complete plan should include different types of scenarios that could happen in your area.

For those involved in Healthcare, creating a contingency plan is not optional.  Should you have a disaster and are not prepared you can be fined! The Office for Civil Rights (OCR) considers protecting personal information a civil right and they will enforce this if you have a data breach or a situation where your data is not recoverable.

Think about ransomware, have you included this in your contingency plan?

Depending where you are located, have you included how to respond to a hurricane, tornado, snowstorm, or fire?

Where is your data located and what would happen if you had a toilet overflow or a pipe burst?

In light of the recent tragedies have you included a section on workplace violence?

How to create a Contingency plan:

  1. Conduct a thorough HIPAA Risk Assessment. Understand and analyze what type of risks you are vulnerable to. This includes where you are located and what type of computer network that you utilize.
  2. Create a diagram of how your network is configured. This will help you to determine the best method to protect and restore your data from a backup.
  3. Implement a risk management plan that outlines what you have in place and what you will need in the future if it is not possible at the moment. Of course, you will need a timeline if you will be adding to your plan.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

Is it time review your Policies and Procedures?

 

By Aris Medical Solutions

 

As you know you HIPAA Compliance is not a once and done process. It continually changes and evolves as your organization grows and your technology changes. This is a reminder to review what you have in place to ensure it still adequately safeguards your data.

Here are some quick helpful tips:

  1. Review your Notice of Privacy Practices. Have you implemented any new technology or added any new services that needs to posted? If you have a website make sure you update your NPP there as well.
  2. If you have a “Contact us” or an “Appointment Scheduler” form on your website and your website is not HTTPS, we recommend placing a disclaimer advising patients not to send personal information via the form. If you do have an HTTPS site, make sure your hosting vendor understands HIPAA and review where the data is sent and stored.
  3. Review your Technology Equipment. Have you added any new software or hardware? Do you regularly check your firewall settings? Are you reviewing your website security to ensure it is up to date? Are you documenting your IT efforts or reviewing your monthly IT vendor reports?
  4. Have you reviewed your list of Business Associates to ensure you have BA agreement in place with ALL of your Associates?
  5. Review your Inventory list. Have you added any new equipment or have you disposed of any?
  6. Have you conducted your annual HIPAA training for everyone? Is it documented?
  7. Have you tested your Contingency Plan?

Of course we could go on and on, but hopefully this will jumpstart your thinking process! Remember, your Risk Management Plan is a living document that needs to be updated on a continual basis. As you review your compliance efforts be sure to document this in your Plan.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC