Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements.   Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare.  But because of the legacy of HIPAA, the majority of providers do not take it seriously.  If you are not taking cybersecurity seriously, you are heading for a train wreck!

This series has emphasized:

  1. Being risk management proficient rather than being a "HIPAA Expert".
  2. Being accountable, which means doing the right things and doing them well.
  3. Training is a significant element today, as the human link is often the weakest link in the chain. Train your staff well to build a "human firewall" to protect your patients' data and your organization.
  4. Have a thorough Risk Assessment performed to identify vulnerabilities and risks that can hurt your organization. A fresh set of experienced eyes can readily see risks and weaknesses that you walk past every day in your workplace.

The last step I'd like to focus on is repeat. Or should that be "are repeat," as the process doesn't end with just one repeat? It keeps going and should become part of your standard operating procedures. Review your highest priority risks every few weeks in a regularly scheduled meeting. Add newly discovered risks and retire defeated risks. Be accountable to maintain the process and perform it well.

Cyber threats are changing constantly, healthcare personnel turnover is typically high, and your organization is continually changing, so your training must evolve as well. Watching the same old VHS training tape for the 5th year is a waste of time and money and sends a clear message on the importance of HIPAA and training in your organization. Provide new content and new challenges and your workforce will respond. Perform an annual risk assessment to find the new risks and vulnerabilities. A major change in your organization will introduce new risks, so perform an assessment afterwards. The best way to protect your organization is to know your weaknesses, strengths, and the enemy. Lastly, repeat again. Good habits take some time and effort to adopt, but once they are there, they become standard procedures!

If you have challenges with HIPAA and cybersecurity, or are preparing for MACRA, contact us at compliance@thirdrock.com. We can help with free advice, and provide services and support to help protect your organization and your data.

Protect Your Patients.  Protect Your Practice.  Protect Yourself.™

Ed Jones, PMP, CHSP
About the Author

With over 30 years of customer-facing experience managing projects in healthcare, IT, and process automation in a variety of tech industries, Ed has worked for companies ranging from start-ups to Fortune 100 companies. He has performed numerous complex and extensive risk assessments, and developed and managed the corresponding risk management strategies.
