Dedicate a Privacy Officer
Patient complaints are a common trigger for government investigations. This is why it is important to have a HIPAA Privacy Officer. Make sure that everyone in your office knows who your Privacy Officer is. The Privacy Officer is responsible for responding to patients’ concerns about HIPAA at your practice. You should elect someone in the office who is trained in HIPAA and is empathetic, so that they can reassure your patients that you are taking proper steps to protect their information.
Test Your Backups
Having a backup policy is important, but a backup is only useful if it can actually be restored when it is needed. There have been many cases where offices thought they were backing up their data, only to find that when the backup was needed, it could not be used to restore the data. You might need to restore your data in the following situations:
A disaster such as a fire
A hard disk failure or crash of your server
A ransomware attack or some other form of malware
Should you experience one of these events, you need to have a backup that can be used to restore your data. Testing your backups ensures that the backup will be usable to restore your data when you need it. Part of your HIPAA security plan is a policy to test, on a regular basis, that you can restore your backups. TLD Systems would recommend testing that you can restore your backup at least every 90 days. The best way to test that you can restore your backup is to work with your software provider: send them the backups and have them confirm that the backup can be restored.
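The following script is an added example of what a routine restore test looks like in practice; it is not code from TLD Systems or from this page. It builds a small constructed data set, backs it up with a checksum manifest, restores the archive into a scratch directory, compares every restored file against the manifest, and records the outcome with a timestamp so you can tell whether the 90-day test window has lapsed. The directory layout, file names and the `restore-tests.log` format are assumptions made for the example; it relies only on `tar`, `sha256sum` and `date`.

```shell
#!/bin/sh
# Added example (not TLD Systems code): verify that a backup archive can be
# restored and that the restored files are byte-for-byte what was backed up.
set -eu

WORK=$(mktemp -d)                 # scratch area for the whole exercise
LOG="$WORK/restore-tests.log"     # assumed log of past restore tests
: > "$LOG"

# Constructed sample data standing in for a practice's records directory.
make_sample_data() {
    mkdir -p "$WORK/data/records"
    printf 'constructed record 1\n' > "$WORK/data/records/r1.txt"
    printf 'constructed record 2\n' > "$WORK/data/records/r2.txt"
}

# Take the backup: a SHA-256 manifest of every file, then a tar archive.
# The manifest is what later proves the restore is complete and intact.
make_backup() {
    ( cd "$WORK/data" && find . -type f | sort | xargs sha256sum > "$WORK/manifest.sha256" )
    tar -czf "$WORK/backup.tar.gz" -C "$WORK/data" .
}

# Restore into a clean directory and check every file against the manifest.
# Returns 0 on PASS, 1 on FAIL; either way the result is appended to the log
# as "<epoch seconds> <UTC timestamp> PASS|FAIL <reason>".
test_restore() {
    stamp="$(date +%s) $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    rm -rf "$WORK/restore"
    mkdir -p "$WORK/restore"
    if ! tar -xzf "$WORK/backup.tar.gz" -C "$WORK/restore" 2>/dev/null; then
        echo "$stamp FAIL extract" >> "$LOG"
        return 1
    fi
    if ( cd "$WORK/restore" && sha256sum -c "$WORK/manifest.sha256" >/dev/null 2>&1 ); then
        echo "$stamp PASS" >> "$LOG"
        return 0
    fi
    echo "$stamp FAIL checksum" >> "$LOG"
    return 1
}

# Returns 0 (true) when a restore test is due: no PASS on record, or the
# most recent PASS is older than the 90-day window recommended above.
restore_test_due() {
    last=$(grep ' PASS' "$LOG" | tail -n 1 | cut -d' ' -f1)
    [ -z "$last" ] && return 0
    now=$(date +%s)
    [ $((now - last)) -gt $((90 * 86400)) ]
}

# Stand-alone run: take a backup of the constructed data and test it.
make_sample_data
make_backup
if test_restore; then
    echo "restore test PASS (log: $LOG)"
else
    echo "restore test FAIL (log: $LOG)"
fi
```

The important design point is that the test restores into a separate directory and verifies against a manifest taken at backup time; simply checking that the archive file exists, or that it opens, tells you nothing about whether the data inside is complete. A restore that fails is logged with its reason so the failure is visible before the day you actually need the backup.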
Proper Disposal of Patient Records
Patient records can be stored as hard copy (paper) or as computer (digital) records. In both cases it is important that when you dispose of patient records it is done in a secure manner.
Hard copy patient information: This can be forms, written information or printed documents with patient information, which is defined as any identifiable information including a patient’s first name, last name, address, phone number, etc. You can shred these documents in your office yourself. TLD Systems would recommend using a cross-cut shredder. You can also elect to use a shredding company. Like any other company that does work on behalf of your office and that you provide patient information to, you would need a Business Associate Agreement with the shredding company.
For electronic information, it is especially important to dispose of the hardware properly. Any device that is connected to your network should either be wiped or physically destroyed, to the point that the data cannot be recovered, before it is removed from your office. If you are using a company to wipe or destroy your hardware, you will need a Business Associate Agreement with that entity. It is important to track when and how these devices are disposed of. In the TLD Systems Risk Analysis we track all the devices in your office as well as their disposal details.
For more information on how we can help your office be HIPAA Compliant, call (631) 403 6687 or email info@tldsystems.com