Defend Your Practice

We know any breach of the US HIPAA Rules can be severe, but Australia’s Privacy Act, combined with other regulations around health records, amounts to a very similar framework.

Any violation of a patient’s data can be unfortunate.

How Vulnerable is Your Practice?

Many medical practices are vulnerable to considerable liability due to lax privacy protocols, but focusing on all the key areas can help reduce your risks.

What Should a Security Audit and Plan Include?

Broadly speaking, an effective medical practice security service should include:

  1. Update your notice of privacy practices
  2. Enlist a security and privacy officer
  3. Update and document policies and procedures
  4. Conduct staff training
  5. Standardize your end-of-day clinical process
  6. Understand breach consequences
  7. Develop standard business associate agreements
  8. Perform a security risk analysis
  9. Maintain constant vigilance

Lax Protocols

Lax protocols can dramatically affect the risk profile of medical practices; many have yet to establish a full arsenal of defenses against data breaches. The simple fact is that failure to update your protections can multiply your vulnerabilities and fines if a breach occurs.

In the US, these penalties are real and substantial, with fines of more than $100,000 for failing to meet HIPAA’s privacy and security requirements. In other cases, fines have been assessed for the loss of thumb drives and laptops containing patient information as well as for poor compliance plans and training.

Don't Assume Your IT is Fine

Practices should not assume that information technology (IT) experts adequately enforce suitable workflow, as most IT teams know little about clinical operations or procedures to support Australian standards.

Data security is not optional or a luxury. In order to meet requirements, YPO can arrange for a review of some key strategies to decrease your related risk.

360 Security Compliance

Practices make a variety of direct and implied representations to other practices and a wide range of related parties about their patients’ privacy and about security compliance being in place. In the event of a problem, the lack of appropriate compliance strategies and processes can expose the practice to a greater level of embarrassment and penalties.