5 Steps To Help Your Healthcare Practice Stay HIPAA Compliant

Monday, February 13th, 2017

Instituting a HIPAA compliance program is only the beginning. Staying HIPAA compliant takes time and commitment. It is critical to review the various departments in your practice and make sure that your policies remain up to date.

You may be surprised at how quickly technology evolves and leaves your policies outdated. You may also be surprised at how little HIPAA compliance means to most of your employees. Read on for five tips to help your practice stay HIPAA compliant.

Evaluate your human resources department

Your Human Resources Department (HR) is critical to ensuring your practice remains HIPAA compliant. Check in with your HR department to ensure that HIPAA compliance remains an integral part of regular training for all employees.

You should also institute checks to confirm that new employees are properly trained in HIPAA before they are allowed access to patient records. You can conduct random audits of HR, current, and new employees to triple check compliance. If any employees are in compliance, make a notation in your records. If employees are not properly trained, make sure they receive the necessary training as soon as possible.

Verify passwords are hidden

Audits are critical to ensuring that your employees are remaining HIPAA compliant. Look through work areas to confirm that passwords are not visible on computer screens or paper documents. Some common places that people store passwords include under mouse pads and keyboards, taped onto a wall or monitor, and sometimes behind hospital badges. Passwords should not be stored in any of these easy-to-access locations.

Review risk analysis procedures

Review your risk analysis procedures at least once a year and document any updates or changes to HIPAA compliance policies. If you identify an unforeseen problem, add it to your analysis. Did you add a facility or move locations? Did you add or move IT equipment to a new center? If there were no significant changes, then document that as well. HIPAA compliance is more than the initial design of the procedures. You need to document your continued efforts to update and remain compliant.

Monitor the compliance of your business associates

Probably the largest problem area for most medical institutions is monitoring business associates. Big data requires most hospitals to contract data management to outside vendors. Outsourcing requires you to monitor these business associates to verify that they remain HIPAA compliant.

Schedule HIPAA compliance audits

So how do you remember to conduct all of these checks and audits? Automated scheduling is critical to staying compliant. You do not have to remember to schedule audits each time they should occur, but you should schedule reminders. Also, random checks are a necessary component of any HIPAA compliance review. Schedule reviews of your risk analysis and set dates to examine your business associates.

How do you know which areas of your practice to prioritize? Start with areas that are the biggest threat to your HIPAA compliance. For most institutions, training and lax employee procedures are a good place to begin. The second biggest threat is usually your IT partner. IT companies and their employees can access all of your patient records in mere moments. You must work closely with these companies to ensure that they remain HIPAA compliant.

HIPAA compliance is an ongoing process that requires extensive initial training and continued training and audits. The attorneys at Brown & Fortunato can help you create and maintain a HIPAA compliance program. If you would like more information about our services, call us today at 806-345-6300 or Contact Us via email to schedule a consultation. You can also visit us in person at 905 S. Fillmore, Ste. 400 in Amarillo, Texas.

This information is subject to change. Please check for updates that are more recent than the published date of this article.