HIPAA Blog

[ Wednesday, June 29, 2005 ]

 

Ideas from Medical Newswire: I get free emails from Medical Newswire's HIPAA Wire service (along with some others), and they often contain some pretty decent HIPAA tips. Take this one, for example:

"Don't wait for a major breach to uncover your personnel's malicious activity. Use this simple step-by-step guidance to develop an audit control process that will spot illegal behavior before it ruins your compliance effort.

"Step 1. Define Standard Operations: Before you can evaluate your employees' behaviors, you must define what's normal by figuring out exactly how you operate, says Matt Johnson, a HIPAA security consultant for AltaPacific Technology Group in Fresno, CA.

"Step 2. Determine Abnormal Behaviors: You must pin down the types of behavior that you'll consider anomalous. Next: Set up your audit controls to recognize those anomalies and notify you when they occur. "Most practice management applications have the built-in ability to log and record this information," Johnson says. But you must ensure you turn each of these controls on, he stresses.

"Step 3. Consider Random Versus Specific Audits: A policy that warns your personnel that you will audit their activities on a random basis could be the perfect deterrent to malicious behavior, experts note. However, "we prefer to act on suspicions because it allows us to be more specific with our audits," says Greg Young, information security officer for Mammoth Hospital in Mammoth Lake, CA

"Bottom Line: No matter how you set up your audit process, you must explain to your staff members what you expect from them -- and what sanctions you'll apply if they violate your policies and procedures, Johnson stresses."


Interesting stuff.

Jeff [1:27 PM]
