Most eye care practices know that HIPAA compliance is important but aren’t sure of the best way to tackle it. While it might seem overwhelming, many common compliance blunders are easily solved, and many of them involve the use of technology in your office. We’ve put together a list of 6 common compliance issues that we see during HIPAA risk assessments, along with tips on how to correct them.
Annual Risk Assessment
Did you know that if you were to get audited, the first thing you’d be asked for is documentation of your annual risk assessment? A risk assessment can be conducted internally, or you can outsource it to an expert who conducts it on your behalf. With the latter option, you stand a stronger chance of catching every risk, and you can have policies, procedures and training documents drafted to address those risks.
Personal Devices on Your Network
Any device that connects to your network, such as a provider’s tablet or a patient’s smartphone, becomes an access point to the network. If the network is not properly secured, malware can easily infect the same network that your protected health information (PHI) is stored on. The safest option is to provide a separate network for personal use and restrict PHI to a secure, separate network.
Personal Mobile Devices Accessing PHI
When a personal mobile device is used to access PHI, it can easily create security issues. Many of these devices are used on unsecured networks, such as the one at the local coffee shop, where they can pick up viruses and spyware quite easily. This malware can then access PHI, infect your network and transmit data illegally to unauthorized persons.
Shared Logins and Passwords
Many practices use one login and password on terminals that access PHI. This makes it easier for unauthorized parties to access a patient’s PHI and removes any possible audit trail for tracking who accessed those records. Such policies do not meet the expectation of limiting PHI access to only those staff members who require it.
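The following is an added example, not code from the original article or from any vendor named on the page. It shows in miniature why per-user logins matter: each PHI read is authorized against the user’s role (least privilege) and written to an audit trail that names the person, so a reviewer can answer “who looked at this chart?” and spot denied attempts. With a shared terminal login the trail collapses to one account name and cannot distinguish staff. The role names, user names and patient record IDs are constructed sample data.

```python
"""Per-user logins with least-privilege roles and an attributable PHI audit trail.

Added illustration; the roles, users and records below are constructed sample
data, not real practice configuration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed role model: only clinical roles need to read charts; front desk does not.
ROLE_PERMISSIONS = {
    "optometrist": {"read_phi", "write_phi"},
    "technician": {"read_phi"},
    "front_desk": set(),          # scheduling only, no clinical PHI
}


@dataclass
class AuditEntry:
    timestamp: str   # UTC ISO-8601
    user: str        # the individual login that made the request
    action: str
    record_id: str
    allowed: bool


@dataclass
class PhiStore:
    """Minimal PHI store: every access decision is logged, allowed or not."""
    records: Dict[str, str]
    audit_log: List[AuditEntry] = field(default_factory=list)

    def _log(self, user: str, action: str, record_id: str, allowed: bool) -> None:
        self.audit_log.append(AuditEntry(
            datetime.now(timezone.utc).isoformat(), user, action, record_id, allowed))

    def read(self, user: str, role: str, record_id: str) -> Optional[str]:
        """Return the chart only if the role grants read_phi; log either way."""
        permitted = "read_phi" in ROLE_PERMISSIONS.get(role, set())
        allowed = permitted and record_id in self.records
        self._log(user, "read", record_id, allowed)
        return self.records[record_id] if allowed else None


def who_accessed(store: PhiStore, record_id: str) -> List[str]:
    """Distinct logins that successfully read a record: the audit question."""
    return sorted({e.user for e in store.audit_log
                   if e.record_id == record_id and e.allowed})


def denied_attempts(store: PhiStore) -> List[AuditEntry]:
    """Denied reads are the entries a compliance officer reviews first."""
    return [e for e in store.audit_log if not e.allowed]


def compare_shared_vs_individual() -> Dict[str, List[str]]:
    """Same two people read the same chart; only individual logins stay attributable."""
    chart = {"P-1001": "Rx: OD -2.00, OS -1.75"}   # constructed sample record

    individual = PhiStore(dict(chart))
    individual.read("dr.lee", "optometrist", "P-1001")
    individual.read("maria.tech", "technician", "P-1001")

    # Shared terminal login: the application only ever sees "exam-room-pc".
    shared = PhiStore(dict(chart))
    shared.read("exam-room-pc", "optometrist", "P-1001")
    shared.read("exam-room-pc", "optometrist", "P-1001")

    return {"individual": who_accessed(individual, "P-1001"),
            "shared": who_accessed(shared, "P-1001")}


if __name__ == "__main__":
    store = PhiStore({"P-1001": "Rx: OD -2.00, OS -1.75"})
    store.read("dr.lee", "optometrist", "P-1001")
    store.read("sam.frontdesk", "front_desk", "P-1001")   # least privilege: denied
    print("accessed by:", who_accessed(store, "P-1001"))
    print("denied:", [(e.user, e.record_id) for e in denied_attempts(store)])
    print(compare_shared_vs_individual())
```

Run it as a script to see the two trails side by side. The design point is that authorization and logging happen in the same code path, so a denied read is recorded with the individual’s login rather than silently dropped; that is exactly the record an auditor asks for and the one a shared password cannot produce.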
Computer Monitors
Computer monitors are one technology that is easy to overlook. What could go wrong with a computer monitor? Yet many offices are set up so that wandering eyes can see the computer screen from different locations. Although this violation gets little attention, it is important to position and configure your screens so they cannot be seen by unauthorized parties.
Printers and Copiers
PHI can be printed; however, if the document is left on a printer in a common area, it becomes a violation. In addition, many practices don’t realize that printers, copiers and scanners all have internal hard drives that store information about the documents printed and copied. Access to those hard drives needs to be protected through encryption and by blocking external drive ports, such as USB ports.
In any given office, there are many potential HIPAA compliance issues that the average compliance officer may not pick up on. When technology is involved, the rules can be overwhelming. Outsourcing your HIPAA compliance can help protect your practice from audits and hefty fines, providing you with the peace of mind your practice deserves.
A leading ECR Vault partner, North Shore Computers is Eyefinity’s only certified HIPAA compliance partner and provides affordable HIPAA compliance services specifically designed for the eye care industry.
Find out how compliant your office is with our free risk assessment tool.