Professional Documents
Culture Documents
If you neglected to consider the looming security deadline when you made your
New Year's resolutions, it's not too late. This is the year you can whip your facility
into tip-top security compliance.
2. Reassess your training program. Does the HIPAA training program you
use work? Ask staff whether they feel comfortable with the general training they
receive and what other information they want. Provide specialized training for
employees who work in specific areas (i.e., network engineers, medical records
department employees, etc.)
3. Review and modify your original risk assessment and develop your
audit program. Your initial analysis should have helped determine the flow of
ePHI in your organization and enabled you to create and enforce security policies
and procedures to fill security gaps.
To make sure you targeted the correct areas, review all critical systems that
process ePHI or other sensitive information and document the purpose of these
systems and the flow of information.
Identify potential vulnerabilities to evaluate the likelihood and effects of the
risks you determined in your analysis.
Audit areas of weakness.
Determine whether the areas you initially selected are still the most
vulnerable and whether the safeguards you developed have worked thus
far.
7. Reinforce the necessity for compliance. Inform staff that you will act
against those who fail to comply with your policies and procedures. Follow
through with your warnings. Consider a no-tolerance policy. If necessary, in
extreme circumstances, terminate on the spot for security breaches.