
The best way to break down what HIPAA is and does is from an article written by Bicscobing and Sutner, titled “HIPAA (Health Insurance Portability and Accountability Act)”, which states:
“HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The law has emerged into greater prominence in recent years with the proliferation of health data breaches caused by cyberattacks and ransomware attacks on health insurers and providers….
HIPAA defines a business associate as any organization or person working in association with or providing services to a covered entity who handles or discloses PHI or personal health records (PHR). Examples of business associates include accounting or consulting firms that work with covered entities, such as hospitals or doctors, or any number of other organizations that have or could have access to PHI or PHR.”
Given the ever-growing number of data breaches, it’s up to organizations to stay current on HIPAA training and ongoing updates. Let’s look at some tips that you can implement in your business to help make and keep you HIPAA compliant.
1. Familiarize Yourself with HIPAA Terminology
This may go without saying, but the more you know, the better off you are. Taking some time for a refresher is always a positive and will help make you and your business staff more knowledgeable about the do’s and don’ts of HIPAA.
Here’s a great definition index article that covers HIPAA AND HITECH terms.
2. Get a HIPAA Business Associate Agreement Signed
This rule is simple. If you have access to PHI, outsource services that involve PHI, or partner with someone who will have access to PHI, you need a BAA in place with that individual or organization. The BAA not only aims to protect sensitive patient data but also to cover all parties involved in handling it. If you don’t have these in place, do so now. If you do, review your BAA to make sure it matches your current HIPAA policies and procedures.
Need a sample BAA Agreement? Check out this free version from DHHS.
3. Consider Using Gmail Business (G-Suite) for All Email Correspondence
The main reason for this is that G-Suite supports HIPAA compliance (a BAA with Google must be in place) and permits PHI in core services such as Gmail, Drive, Sites, Keep, Calendar, and more. For $5 per user, you can ensure that you and your organization are handling PHI appropriately on the communication and cloud storage end.
For more information on the G-Suite and HIPAA, check out their implementation guide.
4. Invest in Workforce Training
Like any business, training for your organization or even for yourself is highly beneficial for performance, awareness, and professional structure. With HIPAA training, there is no official certification to obtain; however, the premise is to follow the guidelines as closely as possible. We recommend implementing a variety of HIPAA training resources, such as using an online HIPAA training course, developing a HIPAA policies and procedures handbook, developing a HIPAA crisis management plan in case of breaches or emergencies, and participating in professional development workshops for your staff.
Ready to go digital with your HIPAA training? Check out HIPAATraining.com for more info.
5. Add Extra Security with Two-Factor Authentication
Cnet describes two-factor authentication (2FA) as an extra step added to your basic log-in procedure. Without 2FA, you enter your username and password, and then you’re done. The password is your single factor of authentication. The second factor makes your account more secure, in theory.
Basically, this feature helps keep your accounts secure, limits the probability of having PHI compromised, and can usually be found in account settings. It is worth knowing that not all programs or services offer this feature, so be sure to regularly change your passwords to help offset this.
We recommend using the service’s own 2FA feature, but some third-party 2FA services include Duo Security, Google Authenticator, Microsoft Authenticator, and more.
More HIPAA compliance tips to consider…
- Get insured or see if your insurance covers breaches
- Conduct a security risk assessment on your organization
- Add a confidentiality email signature
- Send all PHI through encrypted email and avoid using unsafe websites
- Make sure your computers are up to date and secure with antivirus protection
- Set your organization up with a free HIPAA toolbox
Resources & Credits:
“Any trademarks, logos, or links (sources) used throughout this blog are the property of their respective owners.”
Disclaimer:
“This article is a tool we use in efforts to improve security and compliance with HIPAA, PCI, GLBA, and state privacy laws. It is not legal advice, nor is it meant to represent entire guidelines of what must be done to achieve compliance. The recommendations in this article are meant for informational purposes only and should not replace a legal opinion or review from a qualified privacy and/or security expert. Users of this article are encouraged to research and implement data protection and legal compliance according to their own interpretation.”