The majority of healthcare providers fall under the heading of a covered entity and therefore must adhere to HIPAA regulations regarding Protected Health Information (PHI) and individually identifiable health information. This means they are required to have measures in place to secure that information in their possession, whether it is stored in paper charts or on their facility's computers. Every healthcare facility must have a person designated as the Privacy Compliance Officer. Even if only two people are employed, one of them will need to be the Privacy Compliance Officer; it is that important a position. This person must have a good understanding of the HIPAA regulations regarding PHI, as well as the …
This should take place at least a couple of times a year, and more often than that for larger practices. As always, staff must receive training about the issues discovered and any new policies put in place to address them, as well as each employee's responsibilities in implementing them. Disciplinary actions that can be imposed on employees who violate these policies should also be addressed, with each employee signing a document indicating they have received the training, as well as education regarding procedures and discipline for not following …
These are a different type of security and privacy assurance than the ones the PCO is responsible for. Administrative safeguards include things like the policies and procedures for the entire facility regarding access to and management of PHI. For example, a policy regarding employees stepping away from their computer for a bathroom break would state that they need to be sure that, while they are away from their desk, the PHI cannot be viewed by unauthorized parties. A procedure that would address this policy would be that any employee stepping away from their computer must log out of the system and/or lock the screen. Another way administrative safeguards help protect the privacy and security of PHI is to include language in contracts with third parties, such as clearinghouses, stating that they will have their own protections in place to meet the HIPAA and HITECH requirements the provider must comply with, and that they will notify the provider if there is a breach of security in their system. There must be a contingency plan in place to deal with natural disasters, loss of power, and other emergency situations. There must also be a regular backup of all electronic data that also meets all necessary security