
How to Stay HIPAA Compliant: 21 Things Your Practice Must Do

by CompuTech City Admin Monday, 07 May 2018 CompuTech City Blog

As a managed IT provider focusing exclusively on IT for healthcare practices, we’ve conducted over 500 HIPAA compliance assessments just in the past 10 years. We see a lot of practices that just don’t know if they are compliant or not.

At the same time, audits are on the rise. The Department of Health and Human Services outsources auditing to third-party companies that are profit-based. The more these third-party companies can find wrong, the more money they make, which leaves many medical providers vulnerable to non-compliance fines and lawsuits.

Many of the medical practices we talk to are worried.

Being HIPAA compliant is a complex issue, but knowledge is one of the most important pieces. We put together a list of common violations and turned it into a handy checklist for you to use in your practice. Print this out and check off the ones that apply to you – and then get an assessment ASAP so you can fix it:

1. Use privacy screens on your computer monitors. Otherwise, you put patient information at risk for exposure to other patients or non-medical personnel.

2. Enact a password policy that mandates changing passwords every 60 days.

3. Don’t store protected health information (PHI) on a computer, especially if it is not encrypted.

4. Use a HIPAA-compliant email solution (quick tip: Office 365 is HIPAA compliant because Microsoft will do a Business Associate Agreement (BAA) with your practice).

5. Don’t share PHI through email that is not encrypted (Double check yours – most practices think their email is encrypted, but it is not!).

6. Physically lock up network equipment like routers and servers.

7. Promptly remove users from your network who no longer need access to your systems.

8. Enable properly configured firewalls.

9. Ensure you have multilayered security to combat system vulnerabilities.

10. Dispose of PHI properly (shredding for paper files).

11. Avoid sharing user names and passwords among staff members (even for shared workstations).

12. Appoint a security officer.

13. Run background checks on new hires and obtain non-disclosure agreements for employees.

14. Conduct annual HIPAA training for all personnel.

15. Obtain signed Business Associate Agreements from all third parties that have, or could have, access to your patients’ PHI.

16. Enable password expiry or lockout protocols after unsuccessful login attempts.

17. Physically secure all laptops and workstations (many a laptop has gone for a walk, and that’s bad news for your practice).

18. Keep spam filters and antivirus software up to date.

19. Have an adequate and well-documented backup and disaster recovery process.

20. Document your file retention process and prevent unauthorized deletion of computer files.

21. Most important of all: get an annual HIPAA risk assessment and follow the recommendations from the assessment (Click here to contact us for a HIPAA risk assessment).

With so many audits happening, it’s clear that spending $1,500 to search for and address compliance issues is much cheaper than failing an audit and facing resulting large fines or lawsuits.

CompuTech City is a Florida-based managed IT services provider that focuses exclusively on medical practices and specializes in keeping you compliant and secure. Our HIPAA risk assessments include an on-site review, software analytics tools to assess the total picture and a booklet of our findings, recommended changes and an implementation plan.

Are you worried about staying HIPAA compliant? Don’t trust your network to providers who don’t know how to keep you safe from audits and fines. Contact CompuTech City here or call us at 800-641-CITY (2489).
