Tag: Compliance
Exclusion Review (HOW TO)
Part 3 of 3: System for Award Management Report (SAMS)
This one is a little bit tricky. If you need help, please give us a call.
Exclusion Review (HOW TO)
Part 2 of 3 Exclusion Review: Texas Office of the Inspector General
Exclusion Review Part 1 of 3
Texas Office of Inspector General (OIG) Exclusions
Don’t forget to retain searches for 10 years.
Exclusion Review
There are three (3) websites you are required to search before hire and monthly thereafter.
POET has tried to put together step-by-step instructions to help you navigate each one. Today is:
PART 1 of 3: Office of the Inspector General (OIG)
Don’t Be Caught Unaware
Key HIPAA Security Rule components:
- Appoint a security officer: Assign someone responsible for overseeing HIPAA security compliance, which includes managing risk assessments, audits and staff training.
- Implement access controls: Limit access to ePHI to authorized personnel only, and use strong password policies, multi-factor authentication (MFA) and user role-based access.
- Conduct regular risk assessments: These are explicitly required for HIPAA compliance. Covered entities and business associates are required to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI).” This is often referred to as a “risk assessment” or “risk analysis.”
  ♦ A one-time risk assessment is not enough. Risk assessments need to be ongoing and periodic to ensure that new threats, vulnerabilities and changes to systems are consistently evaluated. This should be annually or as dictated by your organization’s risk profile.
  ♦ Document all risk assessment processes and results to meet HIPAA audit requirements.
- Schedule regular security audits: While a risk assessment identifies threats and vulnerabilities, security audits go deeper into validating whether your safeguards and controls are both in place and effective.
  ♦ Administrative safeguards: Audits check for proper security policies, workforce training, and contingency planning.
  ♦ Physical safeguards: Audits assess physical controls around facility access and device security.
  ♦ Technical safeguards: Audits evaluate technical controls such as encryption, access controls and network monitoring.
  ♦ By conducting these audits on a scheduled basis (e.g., annually or quarterly, depending on the organization’s size and risk profile), you can detect and address any areas of non-compliance before they become liabilities.
- Establish data backup systems: Regularly back up ePHI and store backups securely offsite.
- Enable audit logs: Activate and monitor audit logs for all systems handling ePHI.
What are the Security Requirements for HIPAA Compliant Emails?
Security Rule (§164.306)
(a) ENCRYPTION: Securing email containing PHI from end to end. You may visit “The National Institute of Standards and Technology” for advice on the latest and most suitable standards for email services.
(b) Email Phishing Protection: Technology can include email filters and spam protection systems that help detect and block phishing emails before they reach the user’s inbox. Anti-phishing software solutions can detect and block phishing attempts by analyzing web traffic and identifying malicious websites designed to steal user credentials.
(c) Spam Protection: Email spam protection is a system designed to detect and block unwanted or potentially harmful email messages from reaching a user’s inbox.
(d) Virus Protection: Installed on email servers and user devices, virus protection solutions scan emails, including attachments and links in emails for viruses. The software is automatically updated with the latest virus definitions to protect against new threats and provide continuous monitoring and real-time protection of email traffic.
(e) Ransomware Protection: Ransomware security protection involves a range of measures and tools designed to prevent, detect, and respond to ransomware attacks. In addition to the antivirus software, phishing detection, spam filters, and email filtering discussed above, ransomware protection includes endpoint protection, which monitors and secures individual devices against ransomware attacks, as well as the entire network of devices.
LAST CHANCE
Compliance Training
There is still room at the table for POET’s last compliance webinar, November 5th, Noon.
Two topics will be represented: “OSHA for Medical Practices” and “Establishing and Maintaining a Healthcare Compliance Program”.
Come network with other Physician office managers and staff.
Get a bite to eat (you will need to submit your order for Chick-fil-a).
And conquer some of that compliance training you have on your to-do list.
Call POET (936) 637-7638
Security Training Tips for Frontline Employees
The shift towards digital solutions has had a profound impact and benefit. However, it has also introduced new challenges, particularly concerning security, which is why your frontline employees need to be properly trained to ensure your business and customers are protected.
As frontline sectors continue to embrace technology, the dependency on digital tools and platforms grows. Employees now rely on various devices and software to perform their duties, from processing transactions and managing customer interactions to accessing sensitive information. Point-of-sale systems, digital customer service platforms, electronic health records, and mobile apps are now standard tools in these environments.
The Importance of Security Training for Frontline Workers
Frontline workers extend beyond emergency responders. It’s an encompassing term to describe individuals who are the first point of contact between a company and its customers. They can handle sensitive information, greet patrons as they enter facilities, or provide direct support when needed.
Why is frontline training so vital?
- Direct Customer Interaction
- Protecting Sensitive Information
- Identifying Threats
- Compliance with Regulations
- Building Customer Trust
For additional help and tips, visit Vector Security’s Security Blog.
Is Your Medical Practice Compliant?
HOW MGMA HELPS YOU STAY COMPLIANT
Staying compliant with ever-changing policies and guidelines can become exhausting and downright confusing. MGMA is here to ensure you can easily track your compliance and stay on top of your checklists.
Take a look at some of our industry-leading compliance resources: