By Doug Parent, CEO and Co-Founder, RingRx
Partners: Do the health-care organizations you work with do everything they can to protect patient records and maintain HIPAA compliance? Probably not. In 2017, there were 477 health-care breaches affecting 5.6 million patient records. Over the past few years, attackers have focused heavily on medical records for their high value and because the security infrastructure surrounding them is typically less sophisticated than what’s guarding financial information.
Unfortunately for those that have failed to maintain compliance, many HIPAA violations result in multimillion-dollar financial settlements that leave the offending health-care organization reeling. Fresenius Medical Care North America settled its case with OCR for $3.5 million. Memorial Healthcare System, which was penalized for insufficient ePHI access controls, was charged a penalty of $5.5 million. Providers understand the urgency.
Fear of a financial hit isn’t the only reason customers must maintain HIPAA compliance, of course. Proper data handling, security and communications procedures can make health-care organizations more efficient and enable them to provide better service to customers. In truth, setting up the right processes now is crucial to seeing the health-care business grow into 2019 and beyond. And, being compliant with HIPAA may even help with GDPR, say experts.
Here are a few HIPAA compliance best practices that every health-care organization should follow:
Before you can help a customer improve, you as a trusted adviser need to know what the organization’s current compliance practices look like, which assets you will be able to leverage and which weak areas need attention. Evaluate every aspect of the organization, from how it stores patient information to how patient communication is organized and secured.
A risk assessment following a specific process is a core requirement for HIPAA-compliant organizations. While most health-care companies have run risk assessments, they might not be using the findings in as many of their technology buying decisions as they could be. This makes an assessment an excellent tool for you as a partner to make educated suggestions. Ask to see their most recent risk assessment and make sure it recommends services that are HIPAA-compliant. Since this information comes from a third party, it will give your technology recommendations much more authority.
Not only should their assessment determine how damaging a data breach could be to the organization, it should also evaluate what time and resources are being used to maintain current compliance standards. This internal audit will help identify areas for improvement and create new compliance protocols.
Compliance software can be a major benefit for monitoring and maintaining compliance standards. That’s why 41 percent of health-care organizations in one recent study say they plan to …