Manage and Mitigate Risks
Implement Your Action Plan
Your action plan should address all five HIPAA security components. Follow your action plan and support ongoing efforts to identify, assess, and manage risks.
Prevent Breaches by Educating and Training Your Workforce
All of your workforce members — employees, volunteers, trainees, and contractors — need education and training to know how to safeguard patient information. Your training program should prepare them to carry out your HIPAA-related policies and procedures. Reinforce training with reminders. Above all, lead by example.
Communicate with Patients
A multi-pronged communications plan will help you address patient concerns about EHRs and privacy.
- Inform patients that you place a priority on maintaining the security and confidentiality of their health information.
- Address patients’ health information rights.
- Educate patients on how their health information is used and how it may be shared outside your practice.
- Follow your policies and procedures in notifying affected patients and caregivers when a breach of unsecured PHI occurs.
Update Your BA Contracts
Update all your Business Associate (BA) agreements to comply with the HIPAA Privacy, Security, and Breach Notification Rules. OCR offers sample BA contract provisions.
Source: HealthIT.gov