Contact Sales: | Pay My BillClient SupportLet’s Talk!

How to Prevent a HIPAA Breach

HIPAA (Healthcare Insurance Portability and Accountability Act) is not new. First proposed in 1996, the law was created to protect employees’ health insurance coverage between jobs, to combat waste and fraud by health agencies, and to begin the process of computerizing patient records. In 2013, policies and procedures were enacted to enforce the HIPAA, and to outline the costs of a HIPAA breach. These regulations broadly cover three categories:

  • Physical: Physical access to data storage
  • Technical: Protecting the transmission of PHI
  • Administrative: The outline of procedures that entities must follow to comply with HIPAA

The Enforcement Rule passed in 2006, giving HIPAA the power to investigate potential breaches via HIPAA violation reporting and to fine, and even criminally charge, individuals and organizations not complying.

What is Considered a Breach of HIPAA?

There are many things that will lead to HIPAA violations, but here are a few of the more common ones:

  • Unauthorized access of PHI
  • Failure to conduct risk analysis
  • Lack of safeguards to protect confidentiality of PHI
  • Failure to have HIPAA-compliant business associate agreements with vendors with access to PHI
  • Improper disposal of PHI, including keeping it when it is no longer needed
  • Failure to maintain and monitor PHI access logs
  • Lack of HIPAA training and cybersecurity awareness training
  • Mishandling PHI including texting it and posting it online
  • Not allowing patients to access their PHI
  • Failure to use encryption or other protective measures when transmitting or storing PHI
  • Failure to follow HIPAA violation reporting guidelines, including notifications of a HIPAA breach
  • Failure to document HIPAA compliance efforts

Now that telehealth and remote work have become acceptable ways for organizations to continue to see and treat patients, HIPAA compliance has become even more complicated.

How Can My Organization Prevent a HIPAA Breach?

There are common sense ways you can help protect your healthcare organization from a HIPAA breach, including:

1. Data Encryption is Key to Prevent HIPAA Breach

End-to-end data encryption is a key component to protecting PHI, both in storage and at rest. While the Federal rules don’t require encryption, many states do.

2. Rigorous Firewall and Antivirus

A bad actor can’t use information s/he can’t access, and a good way to keep PHI safe is layering a rigorous firewall, antivirus, and email filter. The best choices in cybersecurity tools will be fueled by AI technology.

3. Cybersecurity Awareness Training

Teaching your staff to be your cybersecurity frontline will help them recognize, and avoid, phishing attempts, malware, spoofing, and ransomware (among others). It will also allow you to introduce a HIPAA-specific Acceptable Use Policy, providing guidance for using device, accessing your network, and what sites can be used while on your network or a work-issued device.

4. Dispose of PHI Documents Safely

Make sure you hire a paper-shredding agency, or put your own documents through a shredder to make sure all outdated PHI is permanently destroyed and disposed of in a safe way. A paper-shredding agency will provide receipts as proof that the records were shredded appropriately lower your organization’s liability in the face of a potential HIPAA breach.

5.  Business Associate Agreements

In other industries, this would be referred to as third-party vendor management. HIPAA has taken the concept and tightened down requirements to ensure that every business that has access to PHI is also compliant with HIPAA.

6. Keep PHI Private

Your staff must be educated to understand that it is never ok to post PHI on social media, to gossip about patients, or to text identifiable patient information. An identity access and management platform is an important way to ensure that PHI is limited to the staff who needs it to perform their job duties.

7. Device Mismanagement

Now that so much work can be done remotely, employees must be more careful than ever with the devices they use to access your network. Some commonsense device security features would be:

Iconic IT, a HIPAA Compliant Industry Leader, has you Covered

Iconic IT has the HIPAA seal of compliance and the knowledge our healthcare and dental practices need to stay safe and free from a HIPAA breach. Contact us now for a free, no obligation consultation and learn how Iconic IT can keep your HIPAA compliancy stress free so you can focus on what is most important: your patients.

Want to assess your own HIPAA compliancy? Download this free, no risk, no obligation HIPAA telecommuting policy and make sure your organization is staying HIPAA compliant and protected from a HIPAA breach, even while working remotely.

HIPAA Telecommuting Policy

RECENT BLOG POST

Computers Blog

Six Tips for Cultivating a Positive Remote Work Culture

Today’s remote employee is independent, productive, aligned with their employer’s remote work culture, and has a perfect work-life balance. Right? Not so fast.
Read Post
charity donations Blog

Identifying Mission Friendly Vendors: What You Don’t Know Can Hurt You

Not all for-profit corporations will have your mission’s best interests at heart. In fact, some vendors can be harmful to your NPO. How can you identify mission friendly vendors that will help you move your vision forward?
Read Post
Blog

Iconic IT Gains Global Recognition in a World-Wide Publication for the Legal Industry

Iconic IT recently published a chapter in the globally renowned book, “Outsourcing of Core Legal Service Functions: How to Capitalize on Opportunities for Law Firms,” released by Globe Law and Business (edited by Norman Clark). Iconic IT was chosen for inclusion in this important book because of our experience in the law industry and our proven expertise in the cybersecurity strategies keeping them safe.
Read Post
PHP Code Snippets Powered By : XYZScripts.com