Friday, April 24, 2009

Security best practices under HIPAA

- Document Everything – look through the rule, pick out each standard and each implementation specification and create a chart that briefly describes how you are addressing each.
- Require and use strong passwords – teach your staff and coworkers how to create them
- Limit systems access to those who absolutely need it for their jobs
- Create written policies and procedures detailing the requirements
- Provide regular (annual) training
- Audit your own compliance
- Check state law for breach/incident notice requirements
- Be afraid. These rules apply to the smallest medical practices and the largest health systems and health plans
- Information Security is a hot topic. New laws are being passed constantly.
- HIPAA may not provide for a private right of action, but novel legal arguments are being tested
- A major breach in your information security can be a public relations disaster.
- The media will be quick to report an inappropriate release of significant amounts of PHI
