Cinco etapas a preparar-se para seu exame da conformidade

August 07, 2014
From the July 2014 issue of HealthCare Business News magazine

By John McCann

The rapid adoption of electronic health records has led to new regulatory requirements and increased HIPAA compliance audits by the Department of Health and Human Services. Combined with added data privacy concerns brought on by the HER movement, it is no surprise that having the proper technical safeguards in place is more important than ever.

Despite growing compliance and data security concerns, many are not implementing the proper network security protocols. These organizations choose to wait and scramble to meet compliance standards once they have been informed of an upcoming audit or worse, after a breach has already occurred.

The HIPAA Security Rule (45 CFR 164.3081) requires health care organizations to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”

Organizations are already being fined simply because they did not conduct an assessment and then correct their system’s vulnerabilities.

With that in mind, in order to better secure patient data and begin preparing for your next HIPAA compliance audit, here are five technical safeguards health care organizations should be implementing now:

1. Conduct a risk assessment
Before doing anything else, conduct a thorough risk assessment of your company’s data security policies. Not only is it required by law, but it will also provide you with an accurate depiction of the current state of your network and what areas need improvement in order to meet all compliance standards. Be sure to look at all devices, in and out of your facility, that generate, store, maintain or transmit patient information. All devices, even ones not connected directly to the network, are bound by HIPAA regulations.

To help you get started, check out the free Security Risk Assessment Tool provided by HHS. This tool provides step-by-step instructions on how to properly conduct a thorough HIPAA risk assessment.

2. Customize your security policies
No two heath care providers, or even departments, have the same structure and data security needs. This makes it important that each department helps choose what policies to adopt and how they should be executed. Doing so eliminates all vulnerabilities across the organization that would likely exist if one department spearheaded this process.

3. Establish integrity controls

You Must Be Logged In To Post A Comment