By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
As we wrap up another calendar year, getting ready for holiday break means wrapping up more than presents. Take a moment to go over a few items that you should review to make sure they are done for 2021 or ready to go in the new year.
Security Risk Assessment
A Security Risk Assessment, or SRA, identifies the risks that a business has when it comes to security exposure. In the case of healthcare, it also addresses potential HIPAA violations or risk factors that exist within the business structure.
HIPAA requires that covered entities and business associates regularly conduct risk assessments to ensure compliance with HIPAA’s administrative, physical, and technical safeguards. While this is a requirement, it’s also a benefit to your business! Conducting regular SRAs helps you identify where your organization has risks associated with company data or PHI that you may possess, risks that could lead to a security incident or data breach if proper protective measures are not in place.
Training
Another HIPAA requirement is to ensure that your staff goes through a HIPAA training program. Has your team completed its training program for 2021? Have you hired any new employees who may have been overlooked in the initial training process for this year? Now is also a great time to plan for 2022 HIPAA training. HIPAA Secure Now releases a new HIPAA Privacy & Security training course every January. This training course even includes core cybersecurity basics so that employees understand the fundamentals and what the current threat landscape looks like. Our 2022 training will be available on January 14, 2022, and is sure to keep your employees engaged and learning! Follow along with us on LinkedIn for exciting updates around our new training course.
Certifications
Is your team up to date with all their required certifications and licenses? If not, when do they expire and what is the process for renewal? Is there a new program that you want to consider for the team outside of the required items? Including an ongoing cybersecurity training program is an option that will benefit everyone. Consider adding this if you don’t already have something in place.
Giving Advance Notice
Send out an end-of-year message that summarizes important dates for 2022. This will give your team time to schedule any planned time off and to plan internal projects accordingly. Be sure to include any company-observed holidays and pay dates. If you have any important company events planned, include those as well.
Legal Updates
Has anything changed in the past 12 months that should be addressed in the upcoming new year? Are there any new standards or regulations within your state or industry that will require modifications to your business’s practices and procedures? If you are a subsidiary of a larger company, have there been changes to policies or procedures that your team should be aware of? If so, be sure to identify those in your end-of-year summary email to the team.
While your company or industry may have other requirements for notifications or alerts, these few suggestions can help to keep the team humming along through the holidays and prepare you to tackle 2022. We know that you have a lot to do, and our job is keeping up to date on HIPAA and cybersecurity trends and risks so that you can focus on running your business.
This article was originally published on HIPAA Secure Now! and is republished here with permission.