Key Facts About HIPAA Compliance – What You Need to Know – Part 7

by ih-coc admin

Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules. 

Safeguarding Health Information: Building Assurance through HIPAA Security 2019

For the last 11 years, the National Institute of Standards and Technology (NIST) and the Office for Civil Rights (OCR) have sponsored a conference to address the dynamic and challenging environment faced by all organizations that encounter health records or information. The conference addresses the latest thinking on enterprise-wide risk management; emerging cybersecurity threats to the healthcare industry; management of medical devices, applications, and Internet of Things (IoT) in healthcare environments; and updates from OCR. This year’s conference was held in Washington, DC, on October 16 & 17.

Update on HIPAA Enforcement

Serena Mosley-Day, the OCR Senior Advisor for HIPAA Compliance & Enforcement, provided this critical session regarding enforcement activities and the latest statistics.  Here are the recurring compliance issues that OCR is still seeing:

  • Patient Right of Access
  • Not having Business Associate Agreements in place
  • Not conducting the required Risk Assessments
  • Impermissible Disclosures
  • Failure to Manage Identified Risk, e.g. Encrypt
  • Lack of Transmission Security
  • Lack of Appropriate Auditing
  • Not addressing Insider Threat issues

Best Practices to Consider

Your HIPAA compliance program must be able to address all these issues as part of a comprehensive security management process. It starts with having policies and procedures to address all the HIPAA Security Standards and Implementation Specifications. An accurate and thorough HIPAA Security Risk Assessment is required and is critical to identifying vulnerabilities and threats. Training the workforce on what is specific to the organization for HIPAA compliance and on related job responsibilities is a must. Remember to reinforce the role workforce members have in protecting the privacy of individuals' health information. Cybersecurity threats must now be addressed as part of the business management process of any organization, regardless of size.

Helping Organizations Achieve HIPAA Compliance™

Our goal at Colington is to help keep your organization one step ahead by making sure those tasked with maintaining or implementing a HIPAA compliance program understand the requirements.

Have a question about HIPAA compliance? Let us know and we would be pleased to discuss it with you and perhaps also address it in this series.