Administrative Safeguards are one of the three categories of safeguards in the HIPAA Security Rule (alongside Physical and Technical Safeguards). They cover the internal organization, policies, procedures, and ongoing maintenance of the security measures that protect electronic protected health information (ePHI).
HIPAA Defines Administrative Safeguards
What are administrative safeguards?
The Security Rule (45 CFR § 164.304) defines administrative safeguards as “administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.”
The administrative safeguards make up about half of the HIPAA Security Rule requirements. As with all the standards in this rule, compliance with the Administrative Safeguards requires an evaluation of the security controls already in place as well as an accurate and thorough risk analysis (itself a required implementation specification under the Security Management Process standard). Tier3MD can provide a comprehensive Security Risk Assessment.
Some examples of administrative safeguards are:
Policies and Procedures – a good example of this is how you document what happens when an employee is hired or terminated. A good policy answers questions such as: Who goes into the EMR and disables the user account? Who notifies the IT department so that network access is revoked? Who receives their voicemail? Does someone pick up their email? If they are terminated, who walks them to the door, takes their keys, recovers their cell phone, collects any key cards they may have, and so on? All of this needs to be documented in a well thought out policy, and each step should be recorded when it is carried out so there is evidence the procedure was followed.
Staff Training Programs – When you hire a new employee, do you provide HIPAA awareness training? Do you provide any refresher training over the course of the year? How do you update your staff on new policies and procedures, and do you keep records of who was trained and when?
Auditing and Monitoring – Do you have any monitoring on your EMR for login attempts and failures? How about on your network? Do you monitor social networking pages? What is your audit policy? Do you actually review what people are doing on your network, and who is responsible for looking at the audit records?
Employee Confidentiality Agreements – When hired, do your employees sign confidentiality agreements? If so, is this process documented? How would you enforce the agreement if you had to?
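As an added illustration of what the EMR login monitoring described above can look like once an audit policy exists, here is a small Python script that reviews audit-log lines for three patterns: repeated failures against one account, failures against many accounts from one address, and a burst of failures followed by a success. This is example code written for this page, not code from the original article and not a Tier3MD product. The log format, the field names, the sample accounts and addresses, and the five-failures-in-five-minutes threshold are all assumptions; real EMR audit exports differ, so the parser and thresholds would need adapting.

```python
"""Review EMR login audit records for suspicious failure patterns.

Added example; not from the original page or any vendor. The log format
below is assumed (constructed for this example), as are the thresholds.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning: five or more events inside any five-minute window.
THRESHOLD = 5
WINDOW = timedelta(minutes=5)

# Constructed sample audit lines in an assumed format:
#   <ISO timestamp> <LOGIN_FAIL|LOGIN_OK> user=<account> src=<ip>
SAMPLE_LOG = """\
2024-03-04T08:00:01 LOGIN_FAIL user=jdoe src=10.0.5.23
2024-03-04T08:00:09 LOGIN_FAIL user=jdoe src=10.0.5.23
2024-03-04T08:00:15 LOGIN_FAIL user=jdoe src=10.0.5.23
2024-03-04T08:00:21 LOGIN_FAIL user=jdoe src=10.0.5.23
2024-03-04T08:00:30 LOGIN_FAIL user=jdoe src=10.0.5.23
2024-03-04T08:01:02 LOGIN_OK   user=jdoe src=10.0.5.23
2024-03-04T09:15:00 LOGIN_FAIL user=asmith src=203.0.113.9
2024-03-04T09:15:03 LOGIN_FAIL user=bjones src=203.0.113.9
2024-03-04T09:15:06 LOGIN_FAIL user=ckhan src=203.0.113.9
2024-03-04T09:15:09 LOGIN_FAIL user=dlee src=203.0.113.9
2024-03-04T09:15:12 LOGIN_FAIL user=emiller src=203.0.113.9
2024-03-04T10:00:00 LOGIN_FAIL user=rpatel src=10.0.5.40
2024-03-04T10:45:00 LOGIN_FAIL user=rpatel src=10.0.5.40
2024-03-04T12:00:00 LOGIN_OK   user=rpatel src=10.0.5.40
"""

LINE_RE = re.compile(r"^(\S+)\s+(LOGIN_FAIL|LOGIN_OK)\s+user=(\S+)\s+src=(\S+)$")


def parse_line(line):
    """Parse one audit line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group(1)),
        "ok": m.group(2) == "LOGIN_OK",
        "user": m.group(3),
        "src": m.group(4),
    }


def parse_log(text):
    """Parse all lines, drop unparseable ones, and return events in time order."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def detect_brute_force(events, threshold=THRESHOLD, window=WINDOW):
    """Same account, >= threshold failures inside the window (password guessing)."""
    recent = defaultdict(list)  # user -> timestamps of recent failures
    flagged = []
    for e in events:
        if e["ok"]:
            continue
        q = recent[e["user"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:  # drop failures older than the window
            q.pop(0)
        if len(q) >= threshold and e["user"] not in flagged:
            flagged.append(e["user"])
    return flagged


def detect_spray(events, threshold=THRESHOLD, window=WINDOW):
    """One source address, failures against >= threshold distinct accounts inside the window."""
    recent = defaultdict(list)  # src -> (timestamp, user) of recent failures
    flagged = []
    for e in events:
        if e["ok"]:
            continue
        q = recent[e["src"]]
        q.append((e["ts"], e["user"]))
        while e["ts"] - q[0][0] > window:
            q.pop(0)
        if len({u for _, u in q}) >= threshold and e["src"] not in flagged:
            flagged.append(e["src"])
    return flagged


def detect_success_after_burst(events, threshold=THRESHOLD, window=WINDOW):
    """A burst of failures followed by a success on the same account inside the window.

    This is what a guessed password looks like in the log and deserves a call to the user.
    """
    recent = defaultdict(list)
    flagged = []
    for e in events:
        q = recent[e["user"]]
        while q and e["ts"] - q[0] > window:
            q.pop(0)
        if e["ok"]:
            if len(q) >= threshold and e["user"] not in flagged:
                flagged.append(e["user"])
            q.clear()  # a success resets the failure streak
        else:
            q.append(e["ts"])
    return flagged


def analyze(text):
    """Run all three detectors over a log export and return the findings."""
    events = parse_log(text)
    return {
        "brute_force": detect_brute_force(events),
        "spray": detect_spray(events),
        "success_after_burst": detect_success_after_burst(events),
    }


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

On the constructed sample the script flags jdoe for repeated failures and for a success right after them, flags 203.0.113.9 for trying five different accounts in twelve seconds, and ignores rpatel, whose two failures are 45 minutes apart. The point of the audit policy question above is that someone is assigned to run a review like this on a schedule and to act on the results.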