HIPAA Audits and HIPAA Training for ePHI Compliance

It’s always important to know what you don’t know. That’s especially true when it comes to HIPAA compliance, because what you don’t know can hurt you.

To discover what is missing from your HIPAA security, it’s important to perform audits with the help of a company like Accountable (AccountableHQ.com).

Steps To Maintaining Security

Select a Tool

AccountableHQ.com is the auditing tool we’re talking about today, and it's an excellent option. We have found it very useful and appreciate how thorough it is, especially when it comes to employee training regarding HIPAA standards.

Assign a Specific Team Member

“I thought someone else was taking care of it,” is not an acceptable excuse for the Office for Civil Rights (OCR), the division of Health and Human Services (HHS) tasked with enforcing HIPAA compliance. It’s vital that you have a Data Privacy Officer (i.e., HIPAA security manager) who is responsible for safeguarding the ePHI in your care. Depending on the size of your organization, you might require a team to keep security up to the necessary standards.

Set Up a Schedule and Adhere to It

Security is never done. You could have an incredibly secure website at launch, only to have it vulnerable to multiple attack methods a year later. Hackers—whether using bots to attack your data or using more manual methods—are constantly changing their tactics. This means performing regular audits to assess the most vulnerable spots in your security.

Review and Complete Remediations

Just finding the vulnerabilities isn’t enough; once you have a HIPAA security checklist, you have to fix them. Once the problems are identified, your Data Security Officer should fix the problems or assign the fixes to other team members. They should also put plans in place to address any social engineering problems with all employees that have access to medical records.

HIPAA Employee Training

Accountable is an excellent resource for training employees on the basics of HIPAA. Many employees are understandably intimidated by the hundreds of pages that make up the 1996 act of Congress and all of its updates. Accountable provides concise information about the primary points of HIPAA so that your employees know what they can do—and what they shouldn’t do—under HIPAA law.

It’s a double-edged sword: You don’t want them so afraid of HIPAA that they don’t do their job thoroughly, but they also have to know when they might be going too far with ePHI. Accountable can provide:

• Individual Accountable logins via an employee portal
• Security awareness training
• Video tutorials
• Explanations of the HIPAA Security and Privacy Rules
• How to recognize protected health information
• What can and can’t be relayed in unsecured messages such as emails and texts
• When it’s okay to access HIPAA-covered information
• Definitions of ePHI, EMR, EHR, etc.

Accountable’s Additional Offerings

• Accountable HIPAA Certification – While there’s no HIPAA certification offered by HHS, OCR, or any government body, there is cachet in having certification from a well-respected company such as Accountable. Once you and your staff have completed certain steps, you will be given a certification badge that you can put on your website, portal, and/or app.
• Proof of Intent – Using a service like Accountable provides a paper trail showing that you have taken steps to fix any security issues, and it also helps you track the progress you’ve made. This can go a long way to placating the OCR if you end up suffering a security breach, since it shows you were moving toward industry best practices.
• $100,000 Guarantee – While not technically insurance, Accountable has a $100,000 guarantee in place if you suffer a breach after following their instructions and remediating problems. There is fine print, of course, but it shows that they have skin in the game and truly believe in their service.
• Data Breach Monitoring – Accountable checks the dark web and can alert you if employee credentials are found. For example, if employee email addresses, logins, and passwords are found for sale, Accountable will alert you so that passwords should be changed. This is yet another way that you can rest easy at night, knowing that you’ll get alerts whenever such problems arise.
• Guidance and Concierge Service – When problems are found, Accountable has online resources to give you advice about how to fix the problems. If the problem is out of your skillset, certain Accountable plans provide concierge service to guide you on the steps to fix the problem.
• Tracking BAA – Business associate agreements (BAA) are the legal documents you sign with third-party vendors if they are responsible for protecting data. A BAA might be signed with the HIPAA compliant web hosting provider or a security firm tasked with providing upkeep for your security measures. Accountable offers a single location where you can keep this information and ensure that it’s up to date.
• HIPAA Policy – Accountable has excellent templates for a turnkey approach to creating HIPAA policy paperwork. While it’s still a good idea to have your lawyers look at it and make changes specific to your HIPAA eCommerce business, this eliminates the need to create a policy from scratch.

Find a HIPAA Developer

Data security is important, but HIPAA website compliance adds a layer of problems coming from every angle. Attacks must be addressed from outside your company, while employee training addresses the problems that can occur within.

When you’re looking for a HIPAA developer, it’s best to go with a partner that has seen the problems HIPAA creates and has already come up with solutions to deal with them. We’d love to show you how we’ve tackled the issues that arise with HIPAA security, so get in touch with Clarity. We’ll give you a complimentary discovery session and provide you with a plan to move forward with HIPAA-compliant portals, apps, and websites.