Essay about Security Compliance

966 Words Oct 8th, 2014 4 Pages
HIPAA Security Compliance

When a hospital is first starting out they need to make sure they have HIPAA security compliance in place so they can protect themselves from fines and help protect the patient’s information. Some things that the hospital should implement in order to be compliant with HIPAA are; policies and procedures, compliance process, and a tracking mechanism. The first thing would be to have policies and procedures in place. If the hospital is going to go with EHR or electronic health records they need to have a policy in place that specifies how grant access, terminate access and how it should be used. They need to make sure that they know that a policy “is a set of statements, including decisions, and a policy
…show more content…
Since the hospital will not have a compliance office to help maintain the upkeep of HIPPA security compliance the hospital could outsource to third party companies and have them come in and do audits on the hospital to make sure they are compliant. It will be better to spend the money to have someone come in and do an audit versus DHHS coming in and doing the audit and getting fined a ton of money for something being wrong. The next thing with HIPPA security compliance is the tracking mechanism. The tracking mechanism is going to be used to determine how well the compliance process is working. It is kind of like a book keeping tool for the compliance process. It is going to track and keep the results of your training process. This way the company can tell if they are doing a good job or if something else needs to be done. This also can be used to help track audits that the company has done in order to make sure their HIPAA security compliance is up to date and working well. Some training processes the company is going to want to track would be the patient authorization process how is the company verifying it is the correct patient, patient complain process; how is the company dealing with company complaints and how are they handling the complaint, access to any patient records it could be the patient itself or a doctor but might not be the primary

Related Documents