As we end our series called “Compliant or Complacent: How to Upgrade Your Routine,” you must remain uncomfortable and concerned about:
Cybersecurity and breaches are a hot topic.
Unfortunately, what worked years ago will not effectively protect patient information today. News reports consistently cover cyber-attacks on healthcare more than on any other industry. Although larger entities appear to be at increased risk, smaller practices must also prepare for a possible attack.
The first step is enacting an appropriate checks and balances system immediately. Remember, you can’t protect your practice against cyber-attacks if you lack the education about the subject.
It is OK to depend on your IT team, but doing your own research is a must so you can be involved in the protective measures they are enacting within your practice. Once you are informed, you can share what you have learned with your team through scheduled training sessions.
The following are ways you can increase your knowledge about cybersecurity and breaches:
The ransomware fact sheet and cybersecurity checklist share pertinent information about how to prevent and respond to an attack. Both should be printed and used as a quick reference.
The HIPAA Breach Notification Rule requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Familiarize yourself with the requirements and create policies and procedures to address this rule.
The HHS and OCR released this updated web tool on July 25, 2017. The tool's features provide education about breaches, a mechanism for reporting incidents, and tips for consumers. HHS and OCR will continue to improve the tool’s functionality and features.
Is my practice compliant or complacent?
I know this question is tough to answer. It will require you to reflect on past decisions and challenge you to see things you don’t want to deal with. But the answer will save you from excessive government investigations, audits, public scrutiny, and financial woes.
Just because your practice appears successful and payments are flowing in regularly doesn’t mean you’re compliant. Audit, update, and monitor your compliance program regularly. Celebrate wins, but staying a little uncomfortable after the win will take your team to the next level.
Complacency is a dangerous place to be. If you don’t believe me, watch or read the news, where you will find organization after organization subject to government take-downs.
Don’t lose sight of your entrepreneurial dream due to complacency. Protect your practice. Your legacy depends on it!
**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties. Research, modify and tailor the advice to fit your specialty.