By Steve Spearman, VP of HIPAA Compliance Services at Healthicity
When we look at all of the high profile HIPAA breaches that happened in the past year, it’s easy to think that HIPAA breaches only happen at large practices, or at least that they only happen to other large practices. Of course, just like in everyday life, it’s easy to think that a security breach cannot happen to your practice until after the breach has happened. But what do you do in that situation, after the breach has already happened? Well, we know of an article that will give you a good place to start. Jennifer Cohen, an attorney at The Health Care Group, Inc. and Health Care Law Associates, P.C., recently wrote an article for Physician News Digest, talking about what to do after a HIPAA breach involving a stolen device. While her article goes into more detail, here are her three main steps, along with some added take-aways that we think will be useful.
- Conduct a risk assessment. This will tell you whether or not this incident really is a HIPAA breach.
- Figure out who needs to know. This will always include the people directly affected by the breach, and the Department of Health and Human Services.
- Review how the breach happened. Once you’ve assessed what went wrong, you can learn from those past mistakes, and be ready for next time.
But of course, you don’t have to wait around for a HIPAA breach involving a stolen device to find the weak points in your PHI security. Having a risk analysis will go a long way in making sure your PHI is secure. If you would like to know more about the basics of what a risk analysis is, and why they matter, here is a link to a Q&A article on risk analyses that we wrote last year.
This article was originally published on Health Security Solutions and is republished here with permission. Steve Spearman hosts HIPAA Chat, a show produced by HITECH Answers airing on our Internet radio station, HealthcareNOWradio.com. Learn more aboutHIPAA Chat or download podcasts of the show. Find out more about attending the next taping of HIPAA Chat and ask your questions directly to Steve.