Most dental offices have taken steps to conduct an initial risk assessment. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities (i.e., your dental practice) conduct a risk assessment of their business.
The HIPAA risk assessment helps your business to comply with HIPAA’s administrative, physical and technical safeguard requirements. It also helps you to identify areas within your business where Protected Health Information (PHI) might be at risk. If you’ve taken the step to complete your first risk assessment, that’s a great start.
But did you know that the HIPAA risk assessment is more than a one-time requirement? Would you be surprised if I told you that one of the requirements of the security risk assessment process is to monitor and regularly reassess your office environment to determine if new risks are present?
The risk assessment should be a consistent, ongoing process that continually improves the security of PHI and reduces unwanted access to it.
Some of the most important times to complete risk assessments are when changes are made to the technology, operations or workflow of your business environment. Two key things must be part of this process. First, review your existing security policy statements and implement new policies to address new PHI risks. Second, statements are not enough; you must implement new policies or processes to ensure new risks to PHI are mitigated.
Examples of new processes to mitigate a new risk to PHI can be administrative, physical or technical in nature.
For additional information or ideas on how to mitigate particular risks associated with PHI, contact Steve Newton at the Digital Dental Record at 800-243-6475 or another HIPAA compliance expert.