The Oklahoma Department of Health experienced PHI breaches affecting 133,000 patients when an employee laptop was stolen on April 6th. The computer contained a database of 35,000 children born with birth defects. Breached PHI included names, addresses, social security numbers, medical record information and lab and test results. In addition, 50 hard-copy files of summary medical records were taken. Breach notification letters were mailed starting April 11th and the OSDH is offering identity protection services to affected individuals.
Had the OSDH taken appropriate safeguards to protect PHI, this breach would not have occurred. Compliance software is available and effective:
The Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule as per Section 164.308(a)(1) mandates a risk analysis as a required implementation specification. As evidenced by the recent fines imposed by the OCR, your organization cannot afford noncompliance. The HIPAA Security Risk Analysis compliance software includes:
· Asset Inventory Worksheet
· Risk Analysis Checklist
· Risk Analysis Sample Final
· Risk Analysis Template
· Risk Assessment Executive Presentation
· Threat Matrix Worksheet
The HIPAA Security Rule requires organizations, at a minimum, “conduct periodic internal audits to evaluate processes and procedures intended to secure confidential or protected health information (45 CFR 164.308(a)(8).” The purpose behind the audit is to determine if your organization has properly documented administrative, physical and technical security practices, policies and procedures and generally meets the requirements of the rule. The HIPAA Audit Template compliance software includes:
· HIPAA Comprehensive Audit Checklist
· HIPAA Privacy & Security Audit Report—Sample
· HIPAA Security Abbreviated Audit Checklist—Final
· HIPAA Security Audit Executive Presentation
· Information Security Audit Template
The HIPAA compliance software is available in Microsoft Word and Excel files, enabling you to modify content as required to complete your privacy policies. Your path to compliance starts by clicking here.