MedTech I.Q.

The Cutting Edge of Medical Technology Content, Community & Collaboration

Top Security Awareness Tips for HIPAA Compliance

HIPAA compliance is, as any healthcare professional involved in work related to it in one or another way would attest, the most important requirement for a HIPAA-governed entity. Covered Entities and Business Associates have to comply with HIPAA regulations and safeguard HIPAA provisions with their lives, so to speak, because it is a matter of their very existence as a business entity.

A look at what happens in the event of HIPAA noncompliance is instructive:

  • Fines that start at $100 and go up to $50,000 for every record, and-hold your breath-$1.5 million a year for violation of the same provision
  • Slapping of criminal charges that can land the violator in jail
  • The burden of having to prove lack of deliberate intent behind the breach in a complicated legal manner. If this is not corrected within 30 days, HIPAA assumes that the act was one of willful neglect
  • More than anything else, a black mark on the business, which is very difficult to erase

Why does HIPAA attach such critical importance to the implementation of its provisions? Simple: the PHI is of extremely sensitive and privileged nature. Breach of this vital patient information opens the information to priers and hackers who could misuse this data in diverse ways.

So, what are some of the tips that one can use to make ePHI secure and thus be HIPAA-compliant? Let me try to lead you into a few points that I hope will make some difference in helping you be HIPAA compliant:

First, understand the nature of the audit

This sounds like a no-brainer, but the most useful, top security awareness tip for HIPAA compliance obviously has to begin with an understanding of what a HIPAA audit entails. Understanding the nature of HIPAA audits and the sources in which OCR auditors find violations is the most basic and in fact, the most practical topic security awareness tip for HIPAA compliance.

The major sources of HIPAA violations are employees, meaning inadvertent errors on the part of those who handle HIPAA, Business Associates, and the nature of devices in which the data is stored. Knowing the dynamics of how to deal with these sources goes a long way in ensuring that the audit is trouble-free. The key is to understand that most data is stored in nonclinical sources such as files, spreadsheets, databases, etc. Understanding how to monitor data on these devices is a useful step.

Assign roles thoroughly and be assured that everyone has a complete understanding of their roles. Why not keep reinforcing their understanding with regular exercises? If this sounds repetitive, bring the element of fun into this and make it lively and interesting by maybe devising games or quizzes which will describe and demonstrate their knowledge of their roles.

Risk analysis

Risk Analysis is the central aspect of HIPAA compliance. Why this ranks among the topic security awareness tips for HIPAA compliance is easy to understand: this is among the primary areas that HIPAA auditors look for. The more insightful and well thought out your Risk Analysis, the better your chances of passing the HIPAA audit.

Did you, for instance, know that nearly seventy percent of data breaches involve Business Associates? When you entrust your data to a third party, be clear about what steps to take to ensure compliance from their end.

Ensure that your compliance officers and other staff in charge of HIPAA compliance are implementing your HIPAA security program in accordance with standards such as ISO 270002, the National Institute of Standards and Technology or the Health Information Trust Alliance's common security framework.


Documentation, documentation, documentation! This mantra is easily the most important among the top security awareness tips for HIPAA compliance. What is any IT system that is not documented? Any undocumented work counts for nothing, because in the view of the auditors, what is not documented does not exist. So, just any incident response has to be documented to help trace it. This is a very important top security awareness tip for HIPAA compliance to not only satisfy the auditors, but to also keep one’s own house in order.

Learn to deal with passwords right

Make it a habit not to store passwords on any part of any system on which ePHI can be accessed. This is a simple, yet often overlooked top security awareness tip for HIPAA compliance, because once someone has access to the device and accesses vital passwords, your HIPAA compliance could simply go for a toss. If you notice something fishy, hasten to change your password immediately.

Ensure the proper working of the controls

Sounds banal, but the most embarrassing situation is to be happily satisfied with the efficacy of the organization’s security controls, only to discover that it fails at just the most critical of moments, during the HIPAA audit. Keep guaranteeing from time to time that your system works fine by running mock audits.

Other simple tips

These apart, there are a few other simple, but effective top security awareness tips for HIPAA compliance:

Avoid reading out sensitive information in public, especially over phone. Many people simply assume that the unconnected bystander could have no use for this information, but one never knows! Along with these, you could keep other top security awareness tips for HIPAA compliance:

  • Change passwords frequently
  • Avoid sensitive information in shared public spaces or systems
  • Avoid changing your phone’s preinstalled security systems after HIPAA credentials have been entered into it
  • Hover over the links to any source from which you have received mails

Views: 12


You need to be a member of MedTech I.Q. to add comments!

Join MedTech I.Q.

© 2021   Created by CC-Conrad Clyburn-MedForeSight.   Powered by

Badges  |  Report an Issue  |  Terms of Service