BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Implementing the appropriate safeguards to protect patient's health records can be complex for health organizations. In large healthcare facilities the availability of a compliance officer ensures the presence of professionally trained individuals who install and monitor the necessary safeguards to ensure compliance.
For smaller medical practices it can be challenging to navigate through the technical and administrative compliance requirements of HIPAA. For that reason, the Office of the National Coordinator for Health IT (ONC) developed two Web-based HIPAA training modules. Now live, ONC designed these exercises to assist small medical practices with the challenges that are often faced when responding to privacy and security concerns.
The training modules are set up in a game format that requires users to choose a response to several scenarios, with correct answers scored 10 points each. Questions vary from the technical side of HIPAA to the administrative. It's more than a tabletop brainstorm: Many of the game scenarios ring realistic. They provide insights into common issues small healthcare provider offices face.
The National Institute of Standards and Technology (NIST) also offers online resources and tools that can be downloaded and used to assist in reviewing HIPAA's many and varied requirements. The NIST tools come in the format of questions both on technical and administrative topics; each focuses on a different requirement.
While the site ONC offers provides some insights on how to handle some security challenges, it is imperative to remember that all organizations small or large must ensure that they comply with all of HIPAA's privacy and security rules. Failure to do so could put a practice at risk for financial penalties as well as legal turmoil and negative publicity arising from any breaches.
Reda Chouffani is vice president of development with Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email firstname.lastname@example.org or contact @SearchHealthIT on Twitter.
OCR issues HIPAA audit protocol, signals imminent audit process