If you are an employer who has access to health-related
records, such as workers’ compensation claims, it is vital that your HR
department is aware of HIPAA compliance and the safeguards required as well as
have an ongoing risk management process in place.
Established in 1996, HIPAA has evolved
to protect more
than the personal health information of people moving from one job to another.
It now covers the access, communication, and storage of healthcare data under a
law that specifically defines Personal Healthcare Information (PHI) as
information from 18 identifiers that can link the health status, provision of
healthcare services, and payment for such services to an individual. In order
to protect PHI, areas that employers can pay close attention to include:
Constant monitoring to ensure compliance involves setting up
a risk management strategy to monitor procedures and the security environment. Not
only will you be able to detect risks promptly, you’ll also be able to
implement an effective response that minimizes downtime and keeps PHI secure.
External components can also impact compliance with HIPAA
such as determining whether HIPAA or other data-protection and privacy laws
apply when collaborating with any tech vendors that have access to your health
plan data. This means that it is important to review vendor compliance to
mitigate any potential violations.
Do you have a social media policy? Do employees understand
the consequences of sharing information, even if it is accidental? This also includes the
use of wellness tools, mobile apps, and emerging technologies that can have an
impact on HIPAA compliance.
Staying on top of changes can be time-consuming and demanding, however both the U.S. Department of Health and Human Services and the Office of the Inspector General offer training and materials to assist your team with monitoring potential oversights and safeguarding employee information.
Wouldn't it be a good idea to create a course?
