#5) Budget Budget Budget. Schedule your HIPAA training with mini training sessions throughout the year. Increased frequency of trainings helps employees retain information longer. Budget for software. Focusing on platforms that will allow you to flawlessly navigate, organize and store documents properly for the Compliance process.
#4) Minimize Workstation Security Risks. Record movement of data and hardware systems. Document all portable storage and end points. Review what’s in the cloud, do you know? Document retired equipment. Review and or update Proper disposal of electronic systems and documents. Update passwords and review how interoffice electronic information is transmitted. Review employee accountability and sanction policy.
“We are investigating a ransomware incident that has impacted a limited number of our applications. We are working diligently to restore these systems, and most importantly, to ensure our clients’ data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage.”
3.) Disasters, Natural or Human Made, Reviewing Your Contingency Plans. Review your disaster recovery plan. Revisit analysis for how most critical data is identified. Address incident response
2.) Business Associates, Vendor Contracts & compliance with HIPAA. Have you assessed your vendor or contractor’s HIPAA security? The regulations require you to do due diligence on your business associates. Have you checked out their HIPAA compliance? Changes made with the HIPAA Omnibus bill makes you responsible for any breaches your Business Associates may have. Checking their compliance is prudent.
1.) Review your security and privacy risk management plan, and revisiting your remediation plan. Evaluate how well your firm did last year; Did you have any breaches or near breaches? Have you updated your HIPAA policies & procedures to reflect any needed operational changes to protect your patient PHI? Have you updated your security, privacy risk assessment & remediation plan?