Invite a Friend

Sitemap

Home

Technology
e-Newsletter

Intelligence Unit

Special Reports

Special Events

Subscribe/Buy

Sponsored

Departments

Follow Us

Home > Technology > Tech News & Analysis

Top HIPAA Lessons for Hospital Leaders

Comment

RSS

News Widget

Dom Nicastro, February 16, 2010

So how can you avoid those messes?

Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA, and John Parmigiani, MS, BES, president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, offered some tips during their HCPro, Inc., audio conference after Providence got dinged:

Have a strong termination policy. When an employee is terminated or leaves your facility, completely suspend his or her access privileges.

Create a policy and procedure. "Lawyers would say having a policy and looking the other way is worse than not having a policy at all," Borten said.

Encrypt all information on the Internet. If it isn't encrypted, the information has the potential to be exposed, Borten said.

Always be prepared. "You really have to be on your toes and make sure you constantly are audit-ready," Parmigiani said. Conduct internal audits to keep on top of potential risks.

Keep your training programs active. Beef up training, especially for remote access employees, many of whom use mobile devices. "Make sure people understand there are rules of engagement," said Parmigiani. Update your training process frequently based on regulatory changes and offer your training via various methods. Don't just stick to classroom settings or online training; mix it up and make it ongoing, he added.

Act fast. Make sure you have an excellent detection and incident response program in the event a violation occurs.

Know your players. HIPAA security auditors will no doubt ask who is responsible for what at your facility. Everyone should be able to explain what they do and why, Parmigiani said.

Document compliance. "Lawyers will say if it's not documented, it did not happen," Borten said. "If it's not in the record, I don't have any evidence that it happened." To be audit-ready, thoroughly document your efforts to remain compliant.

Prepare for auditors, even if you're small. Smaller hospital systems are not impervious to an audit, Borten and Parmigiani agreed.

To find out more, go to the Briefings on HIPAA newsletter.

1 | 2

RSS

Archive

Be the first to make a comment

Comments are moderated. Please be patient.

Web Exclusive: Healthcare Data Breaches Lag Other Industries

Healthcare accounted for the least amount of data breaches according to a joint Verizon and US Secret Service report. The industry represented just 3% of breaches, while financial services accounted for the...

WellPoint security glitch is 3rd in 3 1/2 years

A security glitch at a WellPoint website may have publicly exposed the medical records and credit-card numbers of roughly 470,000 customers, including about 23,000 in Indiana. The lapse, which lasted from...

OCR Will Post Names of Private Practices That Violate HIPAA

The Office of Civil Rights confirmed in an e-mail to HealthLeaders Media Friday afternoon that it will begin posting on its breach notification Web site the names of entities they consider...

Handbook: HIPAA Handbook for Coders, Billers and HIM Staff

Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand their roles and responsibilities in protecting patient privacy and...

go to complete list