Minimize HIPAA Violation Risk

In the past, we’ve presented scenarios of the types of problems that lead to data compromise and HIPAA violation. Most of these are daily risks from every-day issues. Did you know there are nine separate controls you need to have in place to avoid a HIPAA violation? It doesn’t matter how small or large your business, these are universal.

The Nine Controls for HIPAA Violation Avoidance

Governance: This is policy creation for procedures and oversight, review and operation. It’s the system by which we hold individuals, departments and organizations accountable to HIPAA. Without regulation, you cannot hope to limit data breaches.

Inventory: What does your filing system look like? What percentage is paper and what is digital? How are records stored? Where are they stored? To protect records, you need to know their nature and format.

Retention: This is the legal requirement for storage, how long you must keep records, how to archive and when to destroy them. The longer you keep records, the greater the breach risk. But records destroyed too early is a litigation risk too.

Disposition: Similarly, this concerns the nature record at the end of their life. Do you destroy, archive or designate them as invaluable despite the age? As with retention, there are litigation risks with keeping these records too long.

Legal holds: Sometimes, records need keeping a little longer for legal purposes. The paper trail extends beyond the normal timeframes. You need a procedure for what to do for archived records with special legal status.

Privacy: HIPAA is a law that dictates the requirements of privacy and service user protection. Without control, there is no compliance.

Vendor management: You need a procedure for clients, suppliers and contractors who might handle or have access to sensitive data. You will be responsible for any HIPAA breach on their part.

Employees: Who has access to sensitive data? What are they able to do with it? Do they have history or experience in working with such data?

Training: It doesn’t matter how many or few employees have access to this information or how much experience they have. Requirements change; standards become lax. You need a policy for training to ensure continued diligence.

 

 

A Job Too Big?

While these nine required controls of HIPAA compliance may seem many and complex, you don’t have to take on the whole burden in your company. Record Grabber can take away some of the hard work and the data breach risk. By outsourcing your record storage and access, we can relieve you of some of these risks.

Start minimizing your risk today!