
HIPAA Compliance Series - Part 1 - Intro And Staff

  • ABC Computer Solutions
  • Jan 8, 2016

Since HIPAA compliance is such a hot topic in the medical industry these days, we are going to put out a HIPAA Compliance series for those practices that are having trouble figuring out exactly what needs to be done to protect their clients and how to become compliant. While compliance steps vary from practice to practice, the core ideas are the same. Many doctors, family practices, dental offices, etc. all have similar feelings when it comes to HIPAA compliance. We hear many of these feelings all the time. Many practices simply do not feel the security steps HIPAA requires are necessary. Most of these feelings are due to a lack of understanding of the security risks involved. With identity theft as rampant as it is with today's technology, computer and network security is extremely important. There are other factors that can play a huge role in your clients' safety as well, like your employees.

Many times when a computer gets infected by a virus, it is caused by careless behaviors when browsing the Internet, opening emails, etc. Viruses and other forms of malware can be particularly risky, as they can come in many forms. The various forms of malware range in severity, but many programs can collect data and send it back to the attacker or even give them remote access to your computers! There are numerous points that need to be examined carefully at a practice to ensure that compliance is being met. This series is going to break those points up into small groups to allow you to think about each group individually and potentially point out some issues you may not have considered.

To begin to make your practice HIPAA compliant, the first core point to examine is: do you actually understand why computer/network security is important? If your answer to this question is "because if it was my private information I would want it kept private and would want to know that it is safe", then you are on the right track. In the most general sense, the whole idea of computer security is that the data is kept safe from exploit and that it is kept safe from loss. HIPAA goes beyond just your practice's network, though, which we will go into more detail about in a later blog post in this series. As long as you understand that computer/network security is extremely important and you make a conscious effort to ensure your practice's computers and network are secure, you have already completed the first step towards compliance: an understanding that security is necessary and must be meticulously documented and changed as risk changes.

If you understand that security is a necessity for your practice, the next step towards compliance is making sure your staff and others within your practice take security as seriously as you do. After all, your network's security is only as strong as the weakest employee in the organization. If you have an employee who does not care about security and sweeps any potential issues under the rug, your practice will still be very insecure. To ensure your employees remain compliant according to HIPAA, you must have written security policies in place that include training processes and how employees are to be reprimanded in the event of policy violations.

Training your employees in security is an extremely important part of compliance. Untrained or poorly trained employees pose a serious risk to practices. Most employees do not truly understand the security risks and have bad behaviors they have learned since they began using computers. These bad behaviors put your clients at risk and must be changed through education. Ever wonder why it seems like IT guys don't ever get computer viruses or other infections? That is because they know what behaviors are risky and know how to avoid them.

One of the most common security issues aside from malware is unattended computers. In the busy medical industry, having employees just walk away from a computer and leave it open for everyone to see is a very big security risk and should never happen. There are security steps that can be implemented to help mitigate these issues as well, because everyone knows people can make mistakes.

The other common issue we see every day is employees either sharing passwords or not having passwords on computer systems at all! Passwords are a very important part of compliance. They allow you to more easily control who has access to what network resources and allow you to easily cut off access if need be. Not only does each employee having their own account help control allocation of resources on your practice's network, but it also makes it possible to have logging in place. Logging makes it much easier to see what exactly has been going on on your network. Like footsteps in sand, logging makes it possible to see where the person has been.

The next post in our series will start to touch more on the actual core steps to HIPAA compliance beyond your employees, now that you understand how important it is for you and your employees to understand security. For more information or to schedule a meeting with one of our engineers, contact us on our website.
