The COVID-19 pandemic has revealed any number of shortcomings in our readiness to face a healthcare-related crisis, and our handling of HIPAA privacy and security rules in the workplace is certainly one of them. Unfortunately, it didn’t take a global emergency to show that all too many organizations are falling woefully short when it comes to having adequate HIPAA plans and procedures in place.
Let’s just call it another unintended consequence of the coronavirus. We as employers have found ourselves often feeling more like medical providers — taking temperatures of associates and discussing symptoms — within the normal course of business. And that hasn’t even factored in issues related to an expanding remote workforce.
This mashup of responsibilities, in an effort to protect our employees and customers, serves as a clear wakeup call to sharpen our HIPAA compliance. How have all these changes impacted your HIPAA privacy and security policies and procedures?
Now might be a great time to perform a HIPAA risk assessment to connect the dots on compliance. Here are some things to consider:
- With a remote workforce, are you still enforcing your HIPAA security rule requirements related to administrative, physical, and technical safeguards?
  - Facility access?
  - Workstation positioning?
  - Mobile devices?
- Has your workforce changed as a result of pandemic-related job loss? Do you still have the appropriately trained people in place? Do you have an appointed security and privacy officer? Who in your organization can access personal health information?
- Are all your Business Associate Agreements (BAAs) in place or do you have new vendors without executed BAAs? Are your BAAs aligned with your breach protocols (assuming you have them)?
If we’ve learned anything of late, it’s to be prepared. And, trust us, now is the right time to get started.
Need help getting your HIPAA house in order? Let us know.