HIPAA Compliance Tips
Tip One: Establish Privacy Policies
- What information do you collect? – Outline the types of personal information that you collect from customers. This includes home address, e-mail, phone numbers and credit card numbers.
- How do you collect the information? – Websites collect information from customers in many different ways. Even if you don’t actually sell goods through your site you might have an e-mail sign-up for a newsletter, an application for credit or install cookies on the visitor’s computer to track their activities. Disclose how data is being collected to show you have nothing to hide.
- How do you use the information? – Include background on how you share customer information with third parties such as to process orders. If you sell customer information to marketers, explain what information is sold and how it could be used.
- What control does the customer have over their personal information? – Customers need a way to contact your business and control their personal data, whether it’s changing a password on their account or taking their name off of a mailing list. Plan to include a direct phone number or e-mail address that customers can use to manage their information.
- How do you protect the information? - Explain how you protect customer data including, but not limited to, website encryption, limiting employee access to sensitive customer data, and server security.
For additional free advice on keeping customer data safe visit BBB’s Data Security -- Made Simpler.
Tip Two: Ongoing Risk Assessments
HIPAA compliance is not something you can simply worry about one time and forget about. Compliance requires ongoing monitoring and adjustments, so regular risk assessments are a wise idea. By looking for potential risks within your system, you can make adjustments and improvements as needed to ensure compliance over time.
Tip Three: Dealing With Email
How are you going to handle security when it comes to email? Are you going to be able to encrypt all messages sent to patients with private health information? While you don’t necessarily need to send encrypted messages in order to remain compliant, you should inform all patients about the risk of using email for gathering health information and protect yourself by utilizing a compliant Email solution.
Tip Four: Mobile Devices
In the age of mobile devices, it is more important than ever that your practice have a specific set of procedures in place for gathering and storing health information. While there are plenty of advantages to be enjoyed through the use of mobile devices, they also present unique challenges due to their portability. If you are going to use mobile devices in your practice, it is essential that a plan be in place for their management and control – specifically for mobile devices leaving the confines of the office.
Find out more about threats to your mobile device here.
Tip Five: Investigating Breaches
Tip Six: Training Is Essential
Perhaps no single part of the HIPAA compliance process is as important as training. If employees are not properly trained in the execution of procedures, your privacy policies may fail. All employees need to be trained on HIPAA compliance, and on how it will be implemented within their role as part of the practice. Training should be standard for any new hires that come into the facility, and it should also be refreshed from time-to-time as policies change and practices are adjusted.
There are serious ramifications for falling short in terms of HIPAA compliance, but you won’t have to worry about that matter when you have Accessible Compliance on your side. With a staff of professional and experience healthcare professionals on our team, we have all of the experience and knowledge necessary to position your practice well within the limits of the HIPAA guidelines. Please feel free to contact us today to learn more about what we have to offer.