Anyone who can access protected health information (PHI) on behalf of a covered entity or its business associates is subject to HIPAA. That includes doctors, nurses, receptionists, and billing and filing clerks: if they can see patient information, they must take measures to protect it.
Here are ten steps healthcare providers should take toward HIPAA compliance:
- Use Strong Passwords: Develop a policy for creating passwords (for example, a minimum length and no reuse across systems) and never share yours with anyone, not even your co-workers.
- Install and Maintain Anti-Virus Software: It is not enough to have anti-virus software installed; you must have procedures in place to keep it running and its signatures up to date.
- Use a Firewall: A firewall restricts which network connections can reach your systems, keeping unsolicited traffic from the outside away from patient information.
- Control Access to Protected Health Information: Not every staff member needs access to your computer systems, and those who do should see only the PHI their role requires (HIPAA's minimum necessary standard). Consider two-factor authentication for the most sensitive data.
- Control Physical Access: Do not leave computers or monitors in public or unmonitored areas, and position screens so that patients and visitors cannot read them.
- Limit Network Access: Never allow patients to connect their own wireless devices to the network that carries PHI. If you wish to provide Wi-Fi for patients and visitors, do so through a separate guest network that is isolated from your clinical systems.
- Plan for the Unexpected: Keep off-site backups of important data in case of an emergency such as a tornado, flood or fire, and periodically test that the backups can actually be restored.
- Maintain Good Computer Habits: Lock your screen or log off the network whenever your computer will be unattended, and never write down your password and post it in your office.
- Protect Mobile Devices: If you access patient information on phones, tablets or laptops, make sure they are password-protected and encrypted, and do not leave them lying around the office. These devices are small and therefore easily stolen.
- Establish a Security Culture: Hold regular training on security procedures and make sure your staff understand that those procedures will be enforced.
Violations of HIPAA and the HITECH Act can result in huge fines, some as high as $1.2 million. Don't put your business at risk by ignoring these ten critical steps toward compliance.