Here are some ways for you to minimize the risk of a data breach and HIPAA violations!

  1. If you believe a breach has occurred, take action quickly and decisively. Work with trusted legal advisors to determine whether a report to the proper authorities is required.
  2. Make sure that your HIPAA compliance plans are up to date and that they are implemented by staff.
  3. Update hardware and software regularly, and confirm that your practice’s IT systems can receive the downloads and/or patches intended to address current cyber threats.
  4. Make sure all anti-virus and anti-malware software is kept up to date and that scans are run on a regular schedule.
  5. Conduct regular risk assessments that identify, track, and resolve your IT system’s weaknesses.
  6. Implement a proper response plan that includes a “response team” of your insurance broker, practice personnel, and legal advisor, plus, if notification of practice patients is required, a PR firm to handle media and patients. Often your data breach insurance company can provide experienced legal advisors and public relations firms for these purposes.
  7. Use strong passwords and change them promptly whenever compromise is suspected. Automatic log-offs, screen savers, and similar programs can be used to guard on-screen information and access to practice computers.
  8. Limit administrator controls on your practice’s IT systems to trusted personnel only, for example the practice manager, an officer of the managing entity, and your IT person.
  9. Make sure your vendors’ HIPAA Business Associate Agreements are more than just words on a piece of paper. Be sure they use encryption software and other safeguards that protect your data.
  10. Conduct periodic HIPAA training for all personnel as well as train all new hired employees in HIPAA compliance protocols.
  11. Be on the alert for unauthorized use of electronic equipment by staff, as well as access to unsecured paper containing PHI. Make your staff comfortable reporting any compliance issues, theft, or related breaches to management for immediate and proper handling.
  12. Limit the use of personal portable and handheld devices (thumb drives, smartphones, etc.) by staff. Any PHI stored on them must be encrypted, since these devices are often unprotected and easily lost or stolen.
  13. Health care practices need to strongly consider data security breach insurance options. These policies offer protection at a relatively low cost. Coverages offered include notification expenses, liability, loss of business income, and restoration of IT systems. Be mindful that policy forms and coverages differ from insurance company to insurance company, but make certain the coverage includes both electronic and hard-copy data.

“Choosing insurance is a tremendous responsibility, and we are delighted to assist in that process. We consider your needs personally, and intelligently.”