Annual HIPAA Training
HIPAA can be complicated, and most HIPAA incidents and breaches trace back to misunderstanding or ignorance of the rules. Did you know that HIPAA guarantees patients the right to their own information? This covers their medical records as well as their billing information. When a patient requests access to their information, you are required to provide it within the time limit the rule sets: 30 days, with one 30-day extension if you notify the patient in writing. (Understanding the Right of Access Rule)
There was recently a violation of the Right of Access Rule that cost a private practice $100,000. To protect your office, it is important to educate your staff on the HIPAA rules, beginning with annual HIPAA training. If you are a TLD Systems client, you have unlimited access to our live HIPAA training courses, which also let you ask a HIPAA expert any questions you may have at the end of the webinar.
Upcoming HIPAA Trainings:
Thursday, November 12, 2020 at 3 pm Eastern
Tuesday, December 15, 2020 at 7 pm Eastern
Deactivate terminated employees’ accounts
Once an employee no longer works for your practice, you need to remove every form of access that employee had to patient information. That can mean collecting keys to the office or changing the codes on the alarm system. Most importantly, it means deactivating the employee's accounts in your EHR system. Deactivate the account completely: an open, unused account sitting in your EHR is an account nobody is watching, and an attacker who takes control of it can read and steal patient information without anyone noticing. When a new employee joins the office, set up a brand-new account for that person rather than handing over the old one. Remember that EHRs keep audit logs, and every log entry is tied to the account that performed the action. If two people share one account over time, you can no longer tell which of them viewed or changed a record, which defeats the purpose of the log. If you are not sure whether your terminated employees' accounts have been deactivated, contact your EHR provider for assistance. (Please note that while we used EHR software in this example, the same applies to any software that stores patient information, such as digital imaging software, billing software, etc.) An office was recently fined for not deactivating employee access to its EHR. To understand more about the importance and steps your office should be taking regarding deactivating employee access, read this.
For clients of TLD Systems, we track your terminated employees and when their access to your systems was revoked.
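A simple way to check for yourself is to reconcile your HR termination list against the user list your EHR (or billing or imaging software) can export. The script below is an added example written for this post; it is not TLD Systems' tool or any EHR vendor's code. The CSV column names, the sample staff, and the 90-day dormancy threshold are all assumptions. It flags three things: accounts of terminated staff that are still active, any login recorded after the employee's last day (a sign the account was used by someone else and the audit log should be reviewed), and active accounts nobody has used in a long time.

```python
"""
Reconcile an HR termination list against an application's user export.

Assumed inputs (column names are assumptions, adapt to your export):
  HR export:  employee, last_day         (ISO dates)
  User export: username, full_name, status, last_login
All sample data below is constructed for this example.
"""
import csv
import io
from datetime import date

# Constructed HR export: who left and their last working day
HR_TERMINATIONS_CSV = """employee,last_day
Alice Example,2020-09-30
Bob Sample,2020-10-15
"""

# Constructed user export, as an EHR admin screen might produce it
APP_USERS_CSV = """username,full_name,status,last_login
aexample,Alice Example,active,2020-10-02
bsample,Bob Sample,disabled,2020-10-14
cdemo,Carol Demo,active,2020-04-01
dnew,Dan New,active,2020-11-01
"""

DORMANT_DAYS = 90  # assumption: an active account unused this long is worth a look


def parse_csv(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(hr_csv, users_csv, today, dormant_days=DORMANT_DAYS):
    """Return findings as a dict of lists of usernames, one list per category."""
    if isinstance(today, str):
        today = date.fromisoformat(today)

    # Map terminated employee name -> last working day.
    # Matching on full name is an assumption; use an employee ID if your exports have one.
    terminated = {
        row["employee"]: date.fromisoformat(row["last_day"])
        for row in parse_csv(hr_csv)
    }

    findings = {
        "terminated_still_active": [],      # account should have been deactivated
        "logged_in_after_termination": [],  # review the audit log for this account
        "dormant": [],                      # active but unused for dormant_days or more
    }

    for user in parse_csv(users_csv):
        last_login = date.fromisoformat(user["last_login"])
        owner = user["full_name"]
        is_active = user["status"].lower() == "active"

        if owner in terminated:
            if is_active:
                findings["terminated_still_active"].append(user["username"])
            if last_login > terminated[owner]:
                findings["logged_in_after_termination"].append(user["username"])
        elif is_active and (today - last_login).days >= dormant_days:
            findings["dormant"].append(user["username"])

    return findings


if __name__ == "__main__":
    # Run against the constructed data as of an assumed review date
    for category, users in reconcile(HR_TERMINATIONS_CSV, APP_USERS_CSV, "2020-11-10").items():
        print(f"{category}: {', '.join(users) if users else 'none'}")
```

Run it against real exports from each system that stores patient information, not only the EHR, and keep the output with the date it was run; that record is what shows an auditor that access was actually revoked.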
Conduct a Risk Analysis
To protect your patient data, you need to conduct a risk analysis to determine what the threats to your office are. This is also a requirement of the HIPAA Security Rule, which OCR enforces. The risk analysis needs to be a comprehensive evaluation of the physical, technical and administrative safeguards in your office. It lets your office identify what poses the largest risk to the confidentiality, integrity and/or availability of patient data and then take steps to mitigate those risks. The risk analysis must be repeated on an annual basis to keep up with the changing technological landscape and the methods hackers and malware use to break into your systems.
If you have not conducted a risk analysis, it is time to get this addressed.
For clients of TLD Systems, we work with you to conduct the risk analysis and create a risk mitigation plan to address the risks we identified to your office.
Have questions about what your office should be doing to be HIPAA compliant? Call us at (631) 403 6687 or email info@tldsystems.com