- For a start, follow the guidelines and rules set by HIPAA.
- Keep all paper medical records under lock and key and make sure unauthorized personnel have no access to them.
- Destroy any paper records that are past their required storage date or that have been digitized and are no longer needed.
- Install antivirus and firewall software on all your PCs and laptops and also on your internal network. If possible, keep only limited internet access on your internal network.
- Computers should not face the waiting room or any direction where unauthorized people can view them; use password locks when away.
- Always log out of the EHR system when leaving the computer.
- Do not use Social Security numbers as a unique patient identifier.
- Patients have the right to revoke access to any Health Information Network your practice may be part of. Ensure you have proper written consent forms filled out when sharing information with anyone.
- Change your passwords as mandated by the guidelines. Ensure that passwords are not exchanged or written down/posted in places where others can see them. An employee of the practice making such a mistake can have big repercussions for the whole practice.
- Portable hardware containing data should be kept secure and locked away when not in use.
- All hardware should be kept in a clean environment with minimal or no access for unauthorized personnel.
- Train all staff members on data security policies and procedures. Make sure everyone in the practice understands and observes the policies and procedures for protecting patient health information.
- Make sure your staffing policies and procedures are up to date. If an employee leaves the practice, change the user's status to inactive.
- Review audit trails periodically. Reviewing audit trails can alert practices to potential system abuse or misuse.
- Have a disaster recovery procedure. Accidents happen, stuff breaks, and the weather isn't always cooperative. You need to be prepared for whatever happens.
- Make sure your data is backed up every day.
- The computer that stores the patient data must be encrypted.
- The server should be kept in a locked room with limited access.
- Keep a list of third-party vendors that interact with your practice. Make sure they sign an NDA or some kind of agreement stating that the vendor won't disclose any information from your practice.
- Designate someone as a "security officer" who is in charge of making sure the practice is HIPAA compliant.
- All employees should wear badges or something that identifies them as someone who works for the practice.
- Train the staff on proper internet use. Visiting non-work-related sites is incredibly risky.
- If a patient's name is stored somewhere other than the EHR system, there cannot be anything there that identifies that person as a patient.
- If flash drives or any other external data devices are used in the practice, make sure those devices stay within the practice and are only plugged into computers owned by the practice.
- In the event that your computer shows signs of being infected, stop what you're doing and tell the security officer right away.
- Flash drives or external media found on the ground should never be put into your computer. Who knows what is on that media.
4 comments:
Following the Health Insurance Portability and Accountability Act is a must; it affects every aspect of healthcare services, even including medical billing services.
I like that the first tip is to follow the guidelines and rules set up by HIPAA. If you are going to get past the risk assessment, you are going to go through them. I would rather play by their rules than try to cut corners. Cutting corners is when people get in a lot of trouble. http://www.mindsetconsultinggroup.com/what-we-do/scientific-consultation/risk-assessment-expertise
I liked the content on this site. Would like to visit again.
IT Support VA
thank you for sharing the information. Great post.
Medical Coding Jobs for Pharmacy Freshers