5 Things to Be Aware of About HIPAA Compliance 2015
Although HIPAA compliance is a subject that affects many businesses, it’s not necessarily something that people willingly want to spend their time focusing on. However, just as it’s crucial for a business to follow all IRS guidelines, the same goes for HIPAA compliance. And the good news about this topic is that it’s not necessarily as daunting as it may initially seem.
When it comes to avoiding running afoul of HIPAA guidelines, one of the most important things is to stay up to date about new changes. Since there are new changes that get implemented from time to time, we thought it would be helpful to cover five things to know about HIPAA compliance 2015:
- Safe Harbor. The term Safe Harbor applies to HIPAA’s Final Breach Notification Rule. What this term means is that, in the event of a breach, a “covered entity” ensures that PHI was not disclosed. The key to properly complying with Safe Harbor is to take the necessary upfront risk assessment steps. While doing so requires an investment of time and resources, not putting off this task is the best way to avoid steep fines in the event of a breach.
- Encryption isn’t the Complete Solution. A common mistake that companies make with regard to HIPAA compliance and the cloud is assuming that encryption takes care of everything. While encryption like AES-256 is vital for achieving and maintaining compliance, it’s just part of the bigger picture. Strong policies for encryption key management also need to be in place for everything to work properly.
- Remember to Monitor Data Access. Simply put, you need to have a way to monitor who has access to your data. If you currently aren’t equipped to know when an intruder is trying to breach your system, this is an issue that you need to remedy as soon as possible.
- Mobile Apps & Devices are Subject to the Same Guidelines. While mobile apps and devices are shaping the future for many companies, it’s important to remember that mobile solutions & offerings are subject to the same HIPAA rules and regulations. Although this reality shouldn’t deter you from charting your future course with mobile, it does demonstrate the need to do so in a well-planned manner.
- Be Sure Employees are Trained on Company Policies. HIPAA compliance isn’t something that should exist in its own silo. While it makes sense to have dedicated team members focused on this task, it’s a topic that needs to be communicated to your entire organization. The best way to communicate important topics like security awareness and HIPAA compliance responsibilities is to ensure that you have a formal annual training program in place.