Today, more than at any time before, medical offices of all disciplines, and Business Associates alike, are faced with challenges not imagined just a few years ago.
As if it weren't enough that reimbursements are always in danger of being reduced, there are now bad actors from all over the world who attempt to steal your confidential patient data or create a disruption that keeps you from getting to that data.
Not every practice has the resources to buy expensive equipment and hire full-time IT services, BUT there are three things that EVERY practice CAN AFFORD to do that will allow you to:
- MEET THE REQUIREMENTS OF THE HIPAA PRIVACY AND SECURITY RULES,
- PROVE YOUR INTENTIONS TO MITIGATE ANY UNAUTHORIZED RELEASE OF PERSONALLY IDENTIFIABLE INFORMATION (PII), and
- HELP YOU TO DEFEND YOUR PRACTICE IF YOU SUFFER A SECURITY INCIDENT.
Those three (3) safeguards are:
1. Security Risk Analysis
required by the HIPAA Security Rule and an integral part of the MACRA program.
2. Documented Policies and Procedures
required by both the HIPAA Privacy and Security Rules and vitally important in the event of an OCR audit or a breach resulting in the unauthorized release of protected health information.
3. Employee Training
required under HIPAA; in Texas, there is an additional training requirement under Texas House Bill 300 and Texas Senate Bill 1609.