As you may know, your practice is REQUIRED to do a yearly Risk Analysis to check for potential risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by the office. Since it’s the beginning of the year, it’s time to start thinking about how your office can make improvements going forward using your most recent Risk Assessment as a guide. There may be changes that need to be addressed to improve HIPAA Policies and Procedures or improve measures meeting technical and physical safeguards. These items must be addressed periodically throughout the year, not just on your yearly Risk Analysis. Sit down with your team and do an in-house risk assessment to improve your clinic.
You can use the following suggestions for your risk assessment:
- Start with last year’s Risk Analysis.
- Look at your office’s HIPAA policies and procedures to see if any need updating.
- Take notes on the items that need to be changed and write down their importance. Determine whether they need to be addressed immediately or can wait until your clinic is better able to handle them appropriately. As you become aware of the needed changes, adjust accordingly before your official Risk Analysis.
- If there are updates to any office policies, make sure all employees are trained or aware of those changes and updates.
- Go through your HIPAA policies and procedures for physical items that may need attention. If you find that doors leading to areas where ePHI can be accessed are left unlocked, start today to ensure steps are taken to keep them locked. One of the most important things your office must do, aside from striving for quality healthcare, is to protect its patients’ privacy.
- Have your network administrator look over your equipment, online security measures, and backup strategies to make sure your office is not only protecting ePHI, but also following HIPAA guidelines.
- After you’ve completed your assessment, go through the items in need of updates or changes and start working through the most important ones first. Make sure your policies and procedures reflect these changes and that you have documentation of how and when these problems were fixed and who worked on them. This may be as simple as a Word document, as long as your office is specific and provides evidence of the steps, processes and measures taken for these necessary improvements.
The overarching goal is to always be HIPAA compliant and keep all ePHI secure. There is always room for improvement, so keep one step ahead in the new year and be on top of your game. Your office can be protected from potential threats and liabilities later by acting proactively today! Doing so will not only save time, but potentially save money too. If you haven’t had a Risk Analysis completed over the past year, call NeKY RHIO to schedule an official Risk Analysis, as HIPAA requires this to be done annually.