I Didn’t Know

 

Other Common “I Didn’t Knows”

Maybe it’s a healthcare organization that failed to encrypt a laptop or mobile device storing patient information, or an employee who left a device on the front seat of a car and came back to find it stolen. The possibilities abound:

  • I didn’t know my network could be compromised by one employee falling for a phishing email

  • I didn’t know my managed service provider (MSP) is not automatically a security provider (an MSSP), and that someone still has to own hardening my servers and infrastructure and applying security updates on a regular schedule

  • I didn’t know my FTP server needed securing: password-protected access at a minimum, and preferably SFTP or FTPS, since plain FTP sends both credentials and files in cleartext

  • I didn’t know emails containing PHI need to be encrypted

  • I didn’t know a risk assessment could identify where PHI may be exposed (and that HIPAA requires one)

  • I didn’t know that carrying Cyber Liability Insurance is a great idea in case a data breach (or legal claims resulting from a breach) ever did occur. Technology Errors and Omissions insurance would also protect me from mistakes my employees could make that hurt my clients financially.

  • I didn’t know a screensaver that automatically locks my desktop after a period of inactivity is needed to protect PHI

And of course, our old favorite:

  • I didn’t know post-it notes with my passwords out in the open are a (very) bad idea!

 

Do I need to be compliant?

YES, if...

  • you handle PHI to any degree. If so, you definitely need to be HIPAA compliant. And note, it’s not only Covered Entities (health plans, health care clearinghouses, and health care providers who handle or electronically transmit PHI) who need to be compliant, but their Business Associates (BAs) as well (see below). Typical covered entities include doctors and dentists, nursing homes and psychologists, as well as HMOs and company health plans, to name a few. This includes home health care, physical therapy and other small businesses that may even work from home providing patient care.

  • you are a Business Associate: any person or entity that performs functions, services, or activities involving PHI on behalf of a covered entity. Examples of Business Associates include claims processors, CPA accountants, attorneys, consultants, and benefits managers. Understand that a covered health care provider, health plan, or health care clearinghouse may also be a Business Associate of another covered entity. Note: a cloud service provider that stores or processes ePHI on your behalf is also a Business Associate, whether or not it markets itself as a HIPAA specialist, and even if it only holds encrypted data it cannot read.