HIPAA Blog

[ Thursday, January 13, 2005 ]

 

How's your risk assessment going? From Medical Newswire's e-mail alert, here's a few steps you can take to get your staff moving:

  1. Take a snapshot. Ask your staff to "take a snapshot" of their daily activities, and look at that to see what risks their activities pose to your entity's PHI privacy and security.
  2. Keep your options open. Let your staff propose customized compliance solutions. When you've already got a solution out there, let them propose alternative solutions. Give them some room to navigate.
  3. Know your limits. You've got dollar limits, personnel limits, hardware limits, time limits, etc. You can't get perfect protection, so don't think of it that way. Think about where your biggest risks are, and determine what you can do realistically in that area.
  4. Write it down. Your best defense will be that you considered the risks and were reasonable when you made the decisions you made. The only way you can prove that is by showing written evidence of that. Paper trails are your friends.

And if you're not doing/haven't done your risk assessment, you better get moving.


Jeff [6:17 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template