Last week it was announced by the Department of Health and Human Services that it will receive a $50,000 settlement from an Idaho organization. The agreement came after allegations the group lost a laptop with health information for 441 patients. Read the article here.
What happened? Someone lost a laptop that wasn't encrypted. And that happened in 2010. There have been a lot of changes in how you manage your company's data since then. You probably have implemented an EMR system (or maybe you're in the midst of implementing one right now). Your team may be using more mobile devices to manage patient care.
It's not too late for you to review the areas you may be at risk, and do something about it! What are some of the things you should be thinking about regarding HIPAA compliance?
- Vendors and Related Third-Party Agreements
- Assignment of Information Security Responsibility
- Data Destruction
- Security of Unattended Equipment
- Security Control Testing
- Information Backups
- Equipment & Software Inventory
...just to name a few. There's so much more for you to check and manage.
Our team at VCPI can work with you through a HIPAA Security Risk Analysis to understand all the components and discover where you could be at risk. At the end of the engagement, you'll receive a report and list of recommendations for you to do.