2014 was an epic year for healthcare data breaches. From hacking into systems, breaking into healthcare organizations, theft of portable media, and improper destruction of paper records, the healthcare sector saw the largest data breach increase in 2014. With 2015 just starting out, predictions are that healthcare organizations will see another increase in the number of data breaches. While nothing can completely eliminate the risk to a healthcare organization regarding a data breach, simple steps can be put into place to manage and oversee the privacy and security protections established by healthcare organizations. By taking some simple steps with the new year, healthcare organizations can proactively manage their privacy and security programs, and deter the potential data breach from occurring. Follow the Happy New Year steps and your organization will be well on its way to effective and efficient privacy and security management of protected health information!
H – Have a strong breach investigation process defined and implemented
A – Assure regular staff training and updates on privacy and security
P – Pay attention to who has access to what information (Minimum Necessary)
P – Proactive reviews of audit logs for software that maintains protected health information
Y – Yearly risk assessment and risk management
N – Narrow access of protected health information to only get access to what is needed
E – Evaluation of privacy and security safeguards implemented to assure they are working effectively
W – Watch how people are working to determine how they are protecting health information
Y – Yearly review of business associates and the contracts that are established
E – Evaluate the use of encryption in the organization and document why, if encryption was not chosen
A – Adequate apply proper security patches and malicious software updates
R – Regular review of all HIPAA Privacy and security policies and procedures
Healthcare organizations should no longer ignore or overlook their compliance with the HIPAA regulations. In order to prevent data breaches and protect patient information, it is important that a detailed HIPAA Governance program be established. With the start of a fresh new year, it is time to re-write the HIPAA story and manage how patient information is protected!