5 Steps Toward HIPAA Security
Ensuring the security of electronic personal health information (PHI) is tough. A more stringent HIPAA Security Rule and news of PHI breaches raise anxiety in billing offices.
Healthcare IT News recently interviewed Mahmood Sher-Jan, vice president at ID Experts. In a copyrighted story, “5 Best Practices for HIPAA Security”, he shares these tips:
- Take a PHI inventory. Sher-Jan told Healthcare IT News that an accounting of every element of PHI an organization holds proves a valuable starting point. This helps to identify all the information that needs to be secured.
- Perform a HIPAA security evaluation. Sher-Jan recommends evaluating your organization’s security policies and procedures to ensure they’re up to date. This means reviewing them for security in anticipation of external and internal events and changes.
- Conduct a HIPAA risk analysis. He suggests assessing the risks and vulnerabilities to the integrity of electronic PHI. Identify the threats, including those of emerging electronic media such as social media.
- Have a mitigation plan in place. Determine preventive measures to protect your electronic PHI. Have a compliance and mitigation plan that includes all aspects of the HIPAA Security Rule.
- Create an Incident Response Plan (IRP). Sher-Jan says this is the best way to meet HIPAA and HITECH requirements.