Privacy laws are nothing to sneeze at. In particular, the Health Insurance Portability and Accountability Act (HIPAA) rules have far-reaching implications for businesses. And, because the U.S. Department of Health and Human Services (HHS) regularly audits businesses for compliance, you need to make sure your HIPAA security is up to snuff.
With the increase this year in the number of HIPAA audits being performed, it’s more important than ever that you’re ready. There are a number of ways that being audited for HIPAA compliance can affect your company, not the least of which are:
- Fines or other penalties, up to and including a mandated suspension of business activities.
- Civil lawsuits that result from violations of HIPAA security uncovered during the audit process.
Accordingly, you need to be ready for when it happens. You need to have a compliance expert regularly checking not only that your company’s policies are in line with HIPAA rules and regulations, but also that the proper HIPAA security procedures are being followed within the company at every turn.
Here’s a quick list of best practices to keep a HIPAA security audit from shutting you down:
- Maintain solid data management and security policies.
- Maintain compliant password policies.
- Use encryption for personal health information; while this isn’t required by HIPAA, it will certainly help reduce your risk.
- Encryption should apply to databases, files, images, scans and more.
- Develop and implement a disaster recovery plan that addresses HIPAA security requirements.
- Consider bringing in an independent HIPAA security compliance auditor. She can help identify potential areas of vulnerability before you’re faced with government auditors who are most decidedly not trying to help you out.
There was a time when following privacy rules meant keeping doors and filing cabinets locked. Today, you need to be much more diligent and prepared for the worst.