With all the current focus on the transition to ICD-10 and Meaningful Use Stage 3, it can be hard to focus on anything else within your practice. However, upcoming change is no excuse to let other obligations slide, and HIPAA compliance is one of them. Keeping your compliance procedures current is vital for avoiding preventable breaches and the costly consequences that come with them. If it has been a while since you looked at your office procedures relating to HIPAA, now is the time to give them the attention they deserve. Here is what not to do.
How Not to Keep Your Eyecare Practice HIPAA Compliant
Don't Maintain Your Employees
You are required to train all of your staff in your HIPAA policies and procedures, so if you are not documenting that training, or if new staff members are given access to patient information before they are trained, you are out of compliance. Keeping employees compliant is more than just training new hires; if you are not monitoring your current staff, you have no way of knowing whether policies are being broken. Red flags to watch for include passwords written down in visible work areas and sensitive patient information left unprotected on desks or screens. It is also important, whenever an employee leaves your practice, to disable that person's accounts and remove their access to patient information immediately, and to change any shared passwords they knew.
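One practical way to check the last point above is to reconcile the user accounts in your EHR or practice-management system against the HR roster, so that accounts belonging to departed staff, or accounts with no matching employee at all, are caught rather than discovered after a breach. The following is an added example written for this page, not code from the original article or from any EHR vendor; the field names, the roster and account lists, and the 90-day inactivity threshold are all assumptions chosen for illustration.

```python
"""Reconcile application user accounts against the HR roster.

Added example (not from the original article). Both lists below are
constructed sample data; in practice they would be exported from the
EHR's user administration screen and from HR.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Assumed field names for illustration only.
@dataclass(frozen=True)
class Employee:
    username: str
    end_date: Optional[date]  # None means still employed

@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    last_login: Optional[date]  # None means never logged in

# Constructed sample data.
HR_ROSTER: List[Employee] = [
    Employee("alice", None),
    Employee("bob", date(2015, 3, 31)),   # left the practice
    Employee("carol", None),
]

APP_ACCOUNTS: List[Account] = [
    Account("alice", True, date(2015, 5, 28)),
    Account("bob", True, date(2015, 4, 2)),    # still enabled after departure
    Account("carol", True, date(2015, 1, 10)),  # current employee, but idle
    Account("dave", True, None),                # no employee record at all
    Account("erin", False, date(2014, 12, 1)),  # already disabled, ignored
]

def find_account_findings(
    accounts: List[Account],
    roster: List[Employee],
    as_of: date,
    stale_after_days: int = 90,
) -> List[Tuple[str, str]]:
    """Return (username, reason) for every enabled account that should be
    reviewed: the employee has departed, there is no employee record, or
    the account has not been used within `stale_after_days`."""
    by_user = {e.username: e for e in roster}
    stale_cutoff = as_of - timedelta(days=stale_after_days)
    findings: List[Tuple[str, str]] = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already revoked; nothing to do
        emp = by_user.get(acct.username)
        if emp is None:
            findings.append((acct.username, "no matching employee record"))
        elif emp.end_date is not None and emp.end_date <= as_of:
            findings.append(
                (acct.username, f"employee departed {emp.end_date}, account still enabled")
            )
        elif acct.last_login is None or acct.last_login < stale_cutoff:
            findings.append(
                (acct.username, f"no login since {acct.last_login} (cutoff {stale_cutoff})")
            )
    return findings

def orphaned_usernames(as_of: date = date(2015, 6, 1)) -> List[str]:
    """Usernames of enabled accounts with a departed or unknown owner."""
    return [
        user for user, reason in find_account_findings(APP_ACCOUNTS, HR_ROSTER, as_of)
        if "departed" in reason or "no matching" in reason
    ]

if __name__ == "__main__":
    for user, reason in find_account_findings(APP_ACCOUNTS, HR_ROSTER, date(2015, 6, 1)):
        print(f"{user}: {reason}")
```

Running the script on the sample data reports bob (departed but still enabled), carol (current employee, but no login in over 90 days, worth confirming the account is still needed) and dave (no employee record). The disabled account erin is skipped. Run the same reconciliation whenever someone leaves and on a regular schedule, and keep the output with your other compliance documentation.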
Don't Conduct a Risk Analysis
If you fail to conduct a risk analysis, or if you complete one, file it away and never look at it again, you are likely missing key compliance problems in your practice. Take the time to complete and review your analysis, and update it whenever something significant changes, such as adopting new EHR software, moving to a new location, or changing the IT systems or providers that handle patient data. Your practice should review this document at least once a year, and more often if your circumstances warrant it.