The HIPAA Security Rule was enacted in 2003. Since then, there have been two major changes to the Rule, first in 2009 with the HITECH Act and most recently in 2013 with the Omnibus Ruling. But, with the pace technology moves, HIPAA has had a hard time keeping up with the changing times. Since HIPAA was proposed in 1998, there have been many significant technology revolutions that have dramatically changed the way we socialize and do business. Here are just a few:
1995 – AOL.com launches
1998 – Google founded
2004 – Facebook founded
2005 – YouTube launched
2007 – First iPhone released
2009 – Cloud computing gains traction
2010 – Healthcare providers begin storing health records electronically
Even though the HIPAA Rules may not address the changing landscape of technology, it does give you a great framework to help your company navigate these uncharted waters.
How do you stay ahead of it all?
According to Tom Walsh, in his December 25, 2015 interview with Marianne Kolbasuk McGee for Healthcareinfosecurity.com 1, the three most important things HIPAA requires you to do are:
- Conduct a Risk Assessment
- Document your findings
- Work Your Plan
Your Risk Assessment is the first and most important step. This helps you identify any holes in your security plan. HIPAA requires this, and it is the first document HHS will ask for if you’re being audited.
Once you have your Risk Assessment, you must document your Policies and Procedures — both Privacy and Security. This is how you tell your employees how they should protect PHI in your company. If you don’t have a written plan, you don’t have a plan.
No plan is perfect out of the box. Your plan will continue to evolve as you hire new employees, adopt new technologies, and expand into new business ventures. You may find a specific procedure sounded great in theory, but when implemented, it just doesn’t work. That’s OK; be sure to document the changes! The key is to listen to feedback from employees, and be flexible as long as any changes aren’t compromising your Security!
To learn more about creating a compliance plan that meets your needs, checkout our Solutions today!