Before you rush headlong into 2020, you might want to take a pause. In the next couple of weeks, take time to evaluate how well your HIPAA compliance program has run this year and what you can do to make it stronger in the new year.
To help you evaluate and plan ahead, we suggest reviewing the following four areas of your HIPAA program:
- Security Risk Analysis (SRA). Though you don’t have to conduct a full SRA every year, it’s always helpful to annually review your most recent SRA. Your review can be specific to a department that has a greater level of risk due to human factors, such as your pharmacy or logistics department. Or your review can look at the mitigation steps you took last year to see whether they’re still appropriate or need to be updated. Make sure you document your SRA review for your records.
- Policies and Procedures (P&Ps). Similarly, the transition between years is always a good time to review your P&Ps for validity. Are your P&Ps still current? Have there been any changes to your operations or environment that your procedures should reflect? How often you should review policies depends on whether there were any changes to your operations or departments, as well as the size and complexity of your organization.
- Access Permissions. Take an inventory of who has access to your information systems and review it against their role. Do they have appropriate access to carry out their job duties? Or do they have access to too much? Very often, we see organizations give access to an employee but fail to modify it when the employee changes departments. Clearing this up before the new year begins can prevent inappropriate access later in the year.
- Workstation Use. Before 2020 rolls around, consider how your employees use their workstations. Sometimes employees become so comfortable at work that they begin to treat their office computer like their home computer. It’s important that everyone understands the boundary between personal and professional use and that their workstation can be monitored. Consider giving your team a friendly reminder before the holiday season ends.
As 2019 winds down, review your SRA, P&Ps, access permissions, and workstation use to help you strengthen your HIPAA program in the new year.