Is your staff properly trained to comply with the latest regulations?
Human error accounts for a large majority of data breaches. Training doesn’t work if it is not accurate or effective. You have to train staff properly and continuously.
Have you conducted a risk analysis for your practice?
Without performing this documented annual due diligence, you’re at risk for negligence – and some potentially hefty fees. Ignoring this can be catastrophic because the highest penalties apply in cases of “willful neglect.”
Have you updated your Business Associate Agreements?
Under the new Omnibus rules, you are liable for breaches that occur when business partners are working with your data (such as coders, billing vendors, etc.). You need up-to-date agreements that clarify the scope of Business Associate obligations and breach notification procedures.
What if a PC or device containing PHI is lost or stolen?
How you notify the government and patients when a breach does occur is itself a source of risk, and you can be penalized for not having a process in place.