HIPAA: Reducing Your Liabilities
As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden. They tend to see it as painful compliance overhead and a total waste of time. But, that is a very dangerous view of HIPAA compliance.
HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES. It reduces the likelihood of having patient health information (PHI) stolen, corrupted or destroyed. This is the Confidentiality, Integrity, and Availability (CIA) portion of HIPAA. Which if you do experience a breach will cost you, the healthcare provider, in law suites, remediation, and lost revenue. The HIPAA fines will be later and painful too, but they're not the only issue.
Instead of viewing HIPAA as a costly and painful overhead, it should be viewed as a guide for Standard Operating Procedures. By making basic changes to how you operate your healthcare business and learning to mitigate other risks, you will greatly reduce your liabilities. So what are those changes?
- Annual, thorough, non-biased risk assessment (security risk analysis)
- Taking corrective action on issues found in the risk assessment
- Regular privacy and security training for the entire staff, including doctors
- Creating simple, usable policies and procedures which provide guides to better communications and operations
- Improving cyber-security defenses, including tested backups, encryption, improved defenses
- Tracking your business associates that access PHI/ePHI