In this lesson, we're going to look at ways you can reduce the risks to your business as they pertain to data breaches. To this end, we'll show the 3 Pillars of Success that should help eliminate your risks and keep you HIPAA compliant. And at the end of the lesson, we'll provide you with a word about the duties of a HIPAA compliance officer.
There are several common issues we've seen over the years that greatly contribute to you or your organization not being HIPAA compliant, which increases your risk of suffering through a data breach.
Those issues include:
So, how can you and your organization be more proactive at reducing your risks and becoming more HIPAA compliant? You can institute what we describe as the 3 Pillars of Success.
The 3 Pillars of Success are: a regularly scheduled compliance risk assessment, a Book of Evidence, and compliance training.
Let's look at each of these in more detail.
Your business or organization must perform a regularly scheduled compliance risk assessment. We recommend doing this on at least an annual basis to ensure that all staff understand any changes within your organization and/or business environment that could contribute to it being less secure.
A Book of Evidence is a basic HIPAA requirement and contains all of your organization's policies and procedures on handling PHI and ePHI, including, among other things, your business continuity plan, data breach plan, and how to handle unauthorized access of protected health information.
Compliance training is an essential part of any security plan and ensures that you and your staff understand how to better protect PHI and follow all of your organization's policies and procedures.
The human firewall is the best kind of firewall, but it cannot properly function without training and education. The more you and your employees understand the risks involved and how to handle PHI, the better your organization's chances of reducing the risks of data breaches and the subsequent risks to your business.
HIPAA requires that one or more people within a covered entity or business associate be assigned the duties of a HIPAA Compliance Officer. How much work is involved depends on the size of the covered entity or business associate, along with the amount of PHI involved. In smaller organizations, it is often the case that the duties of a HIPAA Compliance Officer are divided between a Privacy Officer and a Security Officer. (Our crystal ball says that we'll be digging into these roles in later lessons.)
The typical duties of a HIPAA Compliance Officer include:
It's important to understand that HIPAA regulations do not define exactly what the duties of a HIPAA Compliance Officer are. Instead, HIPAA leaves it to each covered entity or business associate to establish their own duties according to their specific requirements.
Thus, in order for an organization to effectively establish the duties of a HIPAA Compliance Officer, that organization must first understand what its specific requirements are. Part of that entails undertaking a risk assessment.