When it comes to HIPAA compliance, a large focus is devoted to IT security.
Agencies spend big money on firewalls, malware and antivirus software to protect their network from hackers. Rightfully so, these precautions are important for client protected health information (PHI) security.
While large breaches that affect millions of patients garner much more media coverage, it’s the smaller breaches that add up over time. Mistakes as simple as an email that contains PHI sent without encryption, invoices mailed to the wrong recipient, or an employee who misplaces a mobile device that contains PHI may result in a breach that leads to an unwanted visit from the Office of Civil Rights.
Employee negligence leads to mistakes that cause breaches. Agency leaders don’t do enough to remind employees to keep privacy at the forefront of all job responsibilities.
Often times, agencies will dedicate minimal time, if at all, to privacy training. After a few weeks, employees become complacent and the instruction is forgotten. They return to their apathetic methods for handling PHI.
To counter complacence, use this employee HIPAA checklist:
- Implement an ongoing HIPAA compliance program.
- Perform a risk analysis of your current operations that focus on security, privacy and risk as defined by HIPAA; followed by a detailed report analyzing critical compliance issues.
- Prepare custom documents as mandated by HIPAA that includes: Privacy/Security Policies and Procedures, Notice of Privacy Practices, Breach Notification, Risk Management, and Disaster Recovery.
- Conduct HIPAA training once a year.
- Establish a “Spirit of Compliance” with ongoing compliance activities. Reserve time in weekly meetings to compliance and how to maintain best practice.
Don’t let negligent actions of your employees result in a knock on the door from the government. GRA Benefits Group’s PHI365 HIPAA consulting service provides the necessary steps for compliance:
Risk Analysis, custom HIPAA documentation, annual HIPAA training, and ongoing compliance activities that cultivate a “Spirit of Compliance.”