The Benefits of Performing a HIPAA Risk Assessment

The Benefits of Performing a HIPAA Risk Assessment

by Yenny (SU)

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates that covered entities must conduct a risk assessment of their healthcare company.1 A wide range of organizations – from healthcare insurance providers to hospitals – fall into this covered entity group. While it may seem taxing and time-consuming to provide standardized training to your employees, there are many reasons doing so can behoove you. For one, it’s the law. Since 2009, Security Risk Assessments (SRAs) have been a required annual practice set forth by the HIPAA Security Rule.

Don’t wait to become a breach headline; nip breaches in bud by detecting security issues before they wreak havoc. You can’t be secure if you are not compliant; and a HIPAA Risk Assessment will safeguard your organization in more ways than one. Technology is a timesaver that has simplified the medical filing and billing processes, but it leaves the potential for leaks and hacking. A risk analysis will identify and document potential threats and liabilities that can cause a breach of sensitive data. An IT security consulting company can check all portable media (laptops), desktops, and networks to ensure they’re ironclad. IT security measures, such as encryption and two-factor authentication2, will be addressed in order to make it challenging for unwanted eyes to get a glimpse of patient information.  

Employees are the greatest threat to HIPAA compliance, so it’s important to make sure they’re well informed on how to prevent breaches. Annual HIPAA Security Awareness Training Programs provide a thorough understanding of each person’s role in preventing breaches and protecting physical and electronic information.3 HIPAA training is a regulatory requirement, many employee actions that go awry could easily be prevented. A consultant will offer tips and tricks for minimizing that risk; a few include never leaving work phones and laptops unattended, never sharing passwords or company credentials, choosing to shred files as opposed to trashing them, and overcoming the temptation to “snoop” on patient information without just cause.4   

While many of these suggestions seem like common sense, there are also many lesser known incidences that arise while working in the medical field. Did you know that you cannot access your own medical records using your login credentials? While it may seem innocent enough, everyone is required to submit a request to access medical materials. 

Don’t deter a Risk Assessment out of indolence. HIPAA Risk Assessments must be accurate and extremely thorough.  Questions about all the administrative, technical, and physical safeguards an organization has in place must be asked about.

If outsourcing your HIPAA Risk Assessment, choose a company that provides comprehensive training courses. No two companies are alike so cookie-cutter answers don’t exist for compliancy; a client-facing doctor’s office and corporate health insurance agency will require that different preventive measures be put into place. When conducting your company’s risk assessment, be sure to select a reliable company like Colington Consultants. Led by Jay Hodes, a former Assistant Inspector General for Investigations at the US Department of Health and Human Services, their team takes the guesswork out of adhering to HIPAA laws. Isn’t it time you made compliance a part of your company culture? Call 800-733-6379 for more information.

 

1HealthIT.gov

2HHS.gov

3Onlinetech.com

4HIPAAjournal.com