Practices should pay attention to HIPAA compliance and the Health Information Technology for Economic and Clinical Health (HITECH) Act because penalties have increased to a maximum of $1.5 million per year, according to the report. Additionally, state attorneys general can now enforce the law.
Security risk assessments performed by practices should include establishing written policies, monitoring those policies for compliance, and developing a remediation plan for any gaps found.
Here are some examples of policy issues that can be addressed:
1. Create an access control list and role-based privileges
2. Don't share log-ons and passwords
3. Know the sanctions for intentional unauthorized access to personal health information
4. Implement an automatic timeout for all applications
5. Secure network and application servers
6. Use secure backup media, and control media re-use, for logged data
7. Control downloads of PHI to portable devices
8. Frequently review the audit log of users' access to PHI
9. Secure smartphones and laptops
10. Employ data encryption, archiving and deletion
11. Audit data integrity controls
12. Review business associates' agreements and compliance annually
Read the AAOS Now report on security risks.
Read other coverage on security:
– Windows XP: The End of an Era and What it Means for Your ASC
– Connecticut Attorney Brings First HIPAA Suit Under HITECH Act
