
Looking Beyond Dental School

Registration is open for this new RSDM student program!

Propel your success

We’re here to support you.

Get the tools you need all in one place. Join us for 2023 and get free membership for the rest of 2022.*

Oral Health Coalition Virtual Summit


Registration is now open for the OHC Virtual Summit. Learn about the changing healthcare landscape!

Renew for 2023

Renew your membership

Continue to get the tools and support you need to achieve your goals.

Volunteering Opportunities


There are plenty of volunteer opportunities available like the one pictured! Find yours today.


Helping Members Succeed

The New Jersey Dental Association is the voice of the dental profession and a strong proponent of oral health in the state. Members are part of a vibrant community of dentists encompassing 12 local dental societies as well as the American Dental Association. Members engage in educational programs, have access to dentist-centric relationships and tools to navigate the business of dentistry and their careers, as well as benefit from dedicated advocacy that protects the interests of the profession. The organization is run by member-dentists with the support of a team of professionals at NJDA Headquarters. NJDA members never practice alone!


DENTAL NEWS AND NOTES

4 HIPAA Data Security Best Practices You Need to Know

While the general public may not fully understand what HIPAA does and doesn’t do, if you’re a healthcare provider or a business that supports one, you must understand your responsibilities under this federal law and the severe consequences for failing to meet them.

HIPAA Data Security Best Practice #1 – Where’s the PHI?

If the healthcare industry were like a pirate movie, PHI would be the treasure. Think about it–the pirates (cybercriminals) are trying to steal it because it is so valuable, and PHI earns hackers as much as 50 times more than financial records.

The first step in protecting the PHI in your care is knowing where all of it is. Are there paper files in cabinets or long-term storage? Where is your electronic PHI stored? How do you handle paper and electronic files when they are no longer needed? Is there any PHI in places we’ve overlooked (like on specimen bottles)? 

These are just some of the questions you need to consider. Creating a complete inventory of all PHI in all its forms is crucial to developing an effective strategy for HIPAA compliance and data security. After all, one of the primary purposes of the HIPAA law is to protect PHI.

HIPAA Data Security Best Practice #2 – How’s My HIPAA Data Security?

Once you know where PHI is stored, you need to examine how secure it is. Start with your HIPAA policies and procedures and evaluate if they are adequate to your needs. Then determine if those policies are being followed correctly.

Part of achieving and maintaining HIPAA compliance is conducting an annual HIPAA Security Risk Assessment as required by law. If done thoroughly, this yearly activity will help you identify any technical or non-technical gaps in your compliance with the HIPAA Security and Privacy Rules.

HIPAA Data Security Best Practice #3 – Am I Mitigating My Risk?

Any gaps identified in the security risk assessment must be addressed through remediation. Now is when you fix all non-technical holes, with measures like updates to your HIPAA policies and procedures, administrative safeguards, and workstation security. Then you need to close the technical gaps in areas like user authentication, encryption, and access and audit controls for PHI.

Notice that we started with the non-technical side of things. So many people think that security and compliance are all on the technical side. The truth is that HIPAA compliance is following the requirements of the law and being able to prove it. The non-technical aspects of your compliance plan, like policies, are just as crucial to HIPAA investigators as how your files are encrypted.

HIPAA Data Security Best Practice #4 – Do I Have an Incident Response Plan (and is it current)?

Believe it or not, HIPAA regulators don’t expect you to be perfect. What they do expect is that you will be realistic. Breaches are going to happen.

Whether the cause is an accident, negligence, or criminal activity, HIPAA investigators will want to know if you had an Incident Response Plan (IRP) and if you followed it.

A comprehensive IRP clearly defines who is responsible for incident response and what actions they should take, including notifying affected individuals and government agencies as required under the HIPAA Breach Notification Rule.

We’ve listed four HIPAA data security best practices, but the ultimate goal should be achieving HIPAA compliance in a way that works for your organization. Our experts at Compliancy Group are willing to help you meet all the required standards and get the peace of mind from knowing you are fully compliant.
