While it may not feel like it (still no flying cars), the world and our daily lives have become far more complex, especially when it comes to how we access, move, and store data. In healthcare, these advancements also mean increased potential for the unintended breach of a patient’s privacy.
The HITECH Act significantly increased the civil monetary penalties for HIPAA privacy violations or lack of breach notification, while the federal government can always impose criminal penalties.
This has created a sense of urgency for medical and dental practices to better understand their security requirements and reevaluate their privacy policies.
How many practices feel they are only 90%, 75%, or even 50% HIPAA compliant? Many facilities may not even know that not sending electronic claims does not release them from the legal and ethical obligation to protect patient privacy.
The most daunting and time-consuming challenge is the risk analysis. It is multi-layered and involves taking a hard look at each aspect of your administrative, technical, and security safeguards:
Once your risk analysis is complete, it’s time to develop written policies and procedures based on what you’ve learned.
Lastly, you are required to have ONGOING training for your team. What does “ongoing” mean?
I suggest that at least once a month you set aside 30 minutes to discuss issues that may have arisen or situations that need correction. It is also a great time to “work your way through” the extensive procedure manual by going over a few pages at a time.
A critical aspect of this is to document the training. Like everything else… you must be able to prove that this is something you are taking seriously.
A breach occurs when the privacy or security of the patient is compromised because someone acquired, accessed, used, or disclosed protected patient information.
In my experience as a HIPAA consultant, most of my smaller clients are dental practices with 1-3 doctors backing up their clinical software and patient information. They usually do not have the luxury of a dedicated IT staff member, and often they rely on their preferred IT integrator or the most technical person in the office to get the job done. Often this means that the backup method they have been utilizing is not secure.
Some offices may back up when they close the month but have never tested restoring data from their backups. They may back up to a tape daily, but only have their data located onsite – possibly even unencrypted. We’ve even seen cases where no backup was being done because of confused policies and the assumption that someone else was doing it.
Practices must perform daily backups using a product such as NovaBACKUP for them to be protected from data loss and to keep them in compliance with HIPAA. Not only does NovaBACKUP meet the stricter HIPAA mandates, but their support team is also located locally for easy access, offering remote Setup Assistance.
Having an automated backup schedule reduces the amount of effort required by the practice, while email summary reports deliver immediate confirmation that backups have been completed successfully.
These reports make the Security Officials' job much easier in terms of auditing, providing a level of confidence that a restore can be rapidly accomplished should data ever be lost or compromised.
It’s all about assessment and mitigation. Reaching the state of HIPAA compliance is an ongoing process. While the multiple layers of rules and regulations can be intimidating, this should certainly not cause you to delay in taking on the issues of data security in your environment. You must get started on this process right away! If you are selected for an audit, you could be required to produce your procedural manual and risk assessment in as little as 10 days.
What I have tried to accomplish here today is to provide an overview of the basic information that can work as a first step toward bringing your office into compliance. Taking the next step means a risk analysis and putting together a comprehensive HIPAA protocol and policy program.
For information about HIPAA-compliant backup software visit: https://www.novabackup.com/solutions/medical-backup.