Although it seems hard to believe, we’re nearing the new year. This means it’s time for your practice to have an up-to-date, effective compliance program. If you want to protect your practice from auditor scrutiny and hefty fines, look no further. Here are some quick tips on creating and maintaining an effective privacy compliance program:
- Your compliance program should address the specific areas where practices most often fall short: lack of appropriate safeguards for patients’ protected health information (PHI), impermissible use of PHI, barriers to patients accessing their own PHI, and inappropriate disclosure of PHI.
- It’s extremely important for practices to perform regular self-audits to ensure privacy policies are being followed. Begin this process by reviewing procedures you already have in place to make sure they’re compliant with recent updates.
- Your policy should cover PHI stored on or accessed from every electronic device (workstations, laptops, phones, tablets, removable media, backups) and should record which employees have access to each.
- Check with your business associates to make sure their policies regarding PHI are in compliance. Also, make sure your HIPAA policy is up to date; this applies to business associates, too (see here for more information about business associates and HIPAA).
- Make sure all accounts and passwords are secure. Longer passwords are stronger than short ones with mixed characters, so favor length over complexity rules. Never use personal information in a password, and never reuse a password across systems. Many practices still change passwords every 90 days; note that current NIST guidance (SP 800-63B) no longer recommends forced periodic rotation, preferring long, unique passwords, a change whenever compromise is suspected, and multi-factor authentication for access to PHI (see here for more information about choosing safe passwords).
- Have a policy centered on employee training, with a detailed record of when each staff member was trained and how often staff are updated about relevant changes.
- Evaluate potential risks to PHI with a written risk assessment. The HIPAA Security Rule requires this risk analysis to be documented, and it should be revisited whenever you add systems, devices or business associates that handle PHI.
Stay tuned to our blog for more compliance tips!