The bottom line to successfully address security regulations and safety measures is to have an organized security plan, which should include the following three elements: adequate, regular training, current and communicative policies and procedures, and employee knowledge of government sanctions.
"Developing a sound security program is only effective in how it's built," says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. "Part of the plan is what security measures to follow, what are my needs. You need to put that together in an organized fashion."
Use these five steps to develop a successful staff plan and see results:
1. Research the best places to get information (e.g., HIPAA Academy).
2. Implement changes as needed. Set up a tool to easily insert new information into the system.
3. Staff training: Sign confidentiality agreements, documentation, and policies and procedures, and follow government sanctions.
4. Conduct a risk assessment, audit, and/or analysis. The assessment is the first way to prioritize the most important areas, examine the threats, and identify what is already in place for your plan. The audit is a way to detect what has happened with risk management areas of your practice.
5. Evaluation helps determine whether changes are working in the practice, whether the plan is effective, and whether there have been any significant changes in the market.
Shannon Sousa is the editor of The Doctor's Office. She may be reached at ssousa@hcpro.com. This story was adapted from one that first appeared in the February edition of The Doctor's Office, a monthly newsletter by HealthLeaders Media.