What HIPAA says you should do
You are responsible for ensuring the confidentiality, integrity, and availability of all private health information (PHI) you create, receive, maintain, or transmit.
You must:
- Protect it against any anticipated dangers to its security or integrity.
- Protect it against any anticipated uses or disclosures that are not permitted or required.
That means you need to:
- Identify what kind of PHI you process
- Consider how it moves inside and outside your company
- Consider what threatens its security (the dangers you anticipate)
- Evaluate your current security safeguards
- Assess the likelihood of a breach of your safeguards
- Put a plan in place to reduce the likelihood until it's low
- Make a reasonable amount of effort to implement the plan
When evaluating vendors, ask them to explain how they assess and control risk. Never do business with a vendor whose standard is lower than what your clients expect from you.
If you follow this process, audits will be straightforward, and you won't spend more money than necessary.