Welcome to the November module of HIPAA MMM. As you complete each activity, please print and place the completed documents in your HIPAA Manual in a location you will remember and be able to easily locate if needed.
Instructions for the routine repeated monthly QUICK CHECK review audit
It is advised that every month you do this same QUICK CHECK audit using the following audit tool and place any written updates in your HIPAA manual. Make sure to review the QUICK CHECK every month, as items are added periodically based on changes in focus and enforcement activities within the federal government.
Below are the instructions that correspond to each item on the Monthly Audit List:
1. If yes, perform a risk analysis for that device, as you did for the devices when you prepared your original risk analysis from the Survival Kit, or by copying the format for the risk analysis used in the Silver or Gold program originally provided for you (you can also use your Survival Kit as a reference/template). Add this newly prepared document to your HIPAA manual.
2. If yes, then remember to document what you did to assure that the device had no patient health information/electronic data remaining on it at the time of disposition (i.e. had a service clean the hard drive, destroyed the hard drive, shredded the information if paper, etc.).
3. If yes, remember to have them sign an employee confidentiality form and assure that you perform a full HIPAA training within 45 days of hire. (Remember: you can use this training video, Annual Staff Inservice, or there is an audio training in the Survival Kit that can be paired with giving your new employee a copy of your office HIPAA policies and having them sign off that they agree to read, understand and abide by those policies to satisfy this training. Don't forget to document this in your HIPAA manual.)
4-8. Regardless of the specific customized evaluation/review/audit you will perform THIS month, due to the increase in ransomware, it is advised to assure and document, on at least a monthly basis, that all patches, updates, firewalls, antivirus, malware protection, etc. are current and installed.
9. Again, especially due to ransomware, the required HIPAA contingency plan, most especially the area of data recovery, has become a major center of attention. One of the key components is that your backups are readily available and your data can be restored in the event of an attack on your patient data that shuts down your main computers.
Monthly security reminder
It is required, by HIPAA law, that you issue periodic security reminders to your workforce. The law does not define periodic, but an authoritative source has stated that once per month should be adequate for most physician offices.
Your monthly security reminder, for distribution to your workforce, is provided. Remember to document that you distributed it to all of your workforce, including volunteers, part-time employees, family members who help out 'here and there', etc., as this is a required component of the HIPAA law: "You must distribute periodic security reminders to your workforce".
Download Security Reminder Doc
Activity for this month:
Download the document provided below and please complete the audit for both the Compliance Officer and your Business Associate Agreement.
Download Compliance Officer Audit Doc