Our program starts with your staff performing an audit of the current status of your office, looking at physical, technical and administrative issues. We provide you with guidance on the process of this audit. We then analyze the results of your audit and provide you with your risk mitigation plan. We also provide you with a customized HIPAA Security Manual that documents your policies and procedures that you will have available for any member of your staff to review.
During this process we ensure that you have a policy for important items such as Disaster Recovery, Security Incident Response, and Downtime Contingency Plans, among other policies and procedures required by the HIPAA Security Rule. We then augment the process with regular online educational webinars to help ensure that each and every member of your staff understands their responsibility under the HIPAA Security Rule. We consider this program to be analogous to teaching a man to fish. Think about the old adage: give a man a fish and he can eat for a day; teach a man to fish and he can eat for a lifetime.
By empowering you, we put your office in a better position to make the correct day-to-day decisions that will reduce the chance of a HIPAA breach. Remember, most HIPAA breaches are the result of human error, not IT breakdowns. The more involved your staff is in the process of HIPAA compliance, the lower the chance that they will make a mistake that results in a significant HIPAA breach.
Each year you need to review the security readiness of your practice in relation to changes in the environment and changes in your office. And yes, there should be changes in your office based upon implementation of the risk mitigation strategy that was recommended in the previous risk analysis. By having this regular process of analysis, education and risk mitigation, you have the documentation necessary to present should your office ever experience a HIPAA audit.