As we look back over 2016, we can see that data breaches seem to be an inevitable risk. Medical information is especially targeted because it is rich in content, with all the elements needed to steal your identity.
If you haven’t reviewed your HIPAA risk assessment regarding your breach response capability, now is a good time for that New Year’s resolution. The time to assess whether your fire department can do its job is before your house burns down – not while you’re looking over the ashes wishing you had thought about it sooner. In that sense:
- Does your HIPAA risk assessment include preparations for mitigating a breach?
- Do you have a breach response team?
- Is your IT provider capable of detecting hacks and locking down your EHR and servers if a breach occurs?
Those are just a few items to address in your “pre-breach” preparations. The last thing anyone needs is the Office of Civil Rights (OCR) paying you a visit. The OCR tends to be more punitive toward those who didn’t think than toward those who did and got hacked anyway. It brings real value to the saying “it’s the thought that counts.” Hence, think about it.
Submitted by Lee McMullin, CPHRM
Senior Risk Management and Patient Safety Specialist
This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.