Here are some top New Year’s resolutions to follow the HIPAA Privacy and Security Rules:
- Make the organization more compliant.
- Build up the security measures within the environment (updated anti-virus, firewall firmware updates).
- Lock down unnecessary outside connections into the organization (vendors, consultants, legacy systems).
- Replace all end-of-life operating systems that no longer receive manufacturer support and therefore pose a vulnerability to the environment.
- Train all staff regularly, not just once a year (once and done!), so they are educated and aware of the ways cyber threat actors can attack the business.
- Make certain vendors and other businesses (Business Associates) are properly following HIPAA standards.
- Secure all paperwork containing PHI when not in use. Cover charts if they are visible and never leave records or papers containing PHI unattended, especially at the end of the work day.
- Never share PHI or sensitive data with others who should not have access, including co-workers or personal acquaintances.
- Complete an annual HIPAA Security Risk Analysis and address medium and high risks to the organization as quickly as possible.
- Compile a list of all Business Associates and double check that there is a Business Associate Agreement (BAA) signed (and dated) by both parties.
HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.