HIPAA Security: Are You Still Secure?
Cyber security is a hot topic among the .govs, now more so than ever. COVID has brought to light some challenges with software updates, IT staffing, and staff turnover. Chiropractic practices that were HIPAA security compliant and protected may not be now.
What do you as a practitioner need to remember about HIPAA security? You have heard it before, but regular reminders are a great way to ensure you are consistently implementing cyber security best practices.
- Look for and know vulnerabilities. Where could you be breached? Put in place policies and procedures to protect against them.
- Where do you start? gov has provided a Security Risk Assessment Tool. This should be completed yearly. The first time may take a little while, but an annual review, IF you are following your security policies, should be super quick.
- Only use supported software and regularly install updates. Software patches are just that: a patch to the security of the software once a hacker has found a hole. Keeping hackers out is a constant fight in which they find a hole and the software companies patch it up. This is why regular updates are a necessity. This is something worth paying a professional a monthly maintenance fee for. Many local IT companies do this for you at an affordable fee.
- Use passwords and, when appropriate, 2-factor authentication. Change passwords whenever there is a staffing change.
- ALL workstations should go to sleep when not in use and require a password to come back online.
- Company machines should only be used for company tasks. This will protect against ransomware. NEVER click on an email that asks you to, or on a funny cat video.
- Frequently train staff.
Breakthrough Coaching has many resources to help you through this process.
- Risk Assessment Tool – step-by-step instructions to complete the Risk Assessment
- HIPAA Security Policy & Procedures – all the policies the risk assessment tool asks whether you have in place
- HIPAA Security Audit – an audit of the practice to grade yourself on whether you are following the policies
- HIPAA Security Reminders to train staff – monthly 5 min training for staff to remind them of the HIPAA security requirements