
HIPAA Security Measures: Managing Risk in Your Practice


August 8, 2020 | Reading Time: 2 Minutes


Implementing HIPAA security measures to manage risk in your practice has never been more important. With the rise of healthcare breaches, the success of your practice comes down to your HIPAA security measures.

Assessing Your HIPAA Security Measures

There are several questions to address when determining whether or not you have adequate HIPAA security measures in place. HIPAA security measures ensure the confidentiality, integrity, and availability of protected health information (PHI). The following questions will help you manage your risk by determining areas in which your security measures may be lacking.

1. Have you conducted your annual self-audits?
Self-audits assess your organization’s safeguards against HIPAA standards. This is an important aspect of HIPAA security as it identifies vulnerabilities in your safeguards. Identifying vulnerabilities allows you to create remediation plans to bring your safeguards up to HIPAA standards and avoid HIPAA breaches.

2. Do you have documented policies and procedures?
Policies and procedures define the permitted uses and disclosures of PHI, the security measures you have in place to protect PHI, and the steps to take should you experience a breach. Your policies and procedures must be documented and reviewed annually to account for any changes in your practice’s operations. Implementing policies and procedures reduces your risk because they set the standards by which PHI is protected.

3. Have your employees received their HIPAA training?
All employees must be trained annually on HIPAA standards and on your organization’s policies and procedures. Employee training is a key component of managing risk in your practice because it ensures employees know how they may, and may not, use and disclose PHI.

4. Do you have signed business associate agreements with all of your vendors?
Any vendor that creates, receives, transmits, stores, or maintains PHI on your behalf is considered a business associate. To ensure that your business associates have proper HIPAA security measures implemented, you must vet your vendors and have them sign business associate agreements (BAAs). BAAs dictate the security measures your vendors are required to have in place and require them to manage and maintain their HIPAA compliance.

5. Are your devices that touch PHI encrypted?
All devices that have contact with PHI must have reasonably appropriate HIPAA security measures in place to secure sensitive data. In most cases, reasonably appropriate security measures means encryption. Encryption is the most secure method for protecting stored data because it renders the data unreadable to anyone who does not hold the decryption key, so only authorized users can access it.
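To make the encryption point concrete, here is a small added example (written for this article, not code from Telehealth.org or any vendor) that seals a constructed sample PHI record with AES-256-GCM, the authenticated mode used by most modern disk and file encryption tools. It shows the three properties a practice should expect from encrypted PHI: the stored bytes reveal nothing about the record, only the correct key recovers it, and any tampering with the stored data is detected rather than silently accepted. The record text, the `Encrypt`/`Decrypt` function names and the in-memory key are all assumptions for the demonstration; in a real deployment the key would live in the operating system’s key store or a hardware-backed module, never beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey generates a random 256-bit key for AES-256.
// Assumption for the demo: the key is held in memory only.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// Without the key the output is indistinguishable from random bytes.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // fails unless key is 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // a fresh nonce per record is mandatory for GCM
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and the authentication tag after the nonce.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It returns an error if the key is wrong or the
// stored bytes were modified, because the GCM tag no longer verifies.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("encrypted blob too short to contain a nonce")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	// Constructed sample record; not real patient data.
	record := []byte("patient 0001 | DOB 1980-01-01 | dx F41.1")

	key, _ := NewKey()
	blob, err := Encrypt(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored bytes (%d): %x...\n", len(blob), blob[:16])

	// Correct key: the record comes back intact.
	plain, err := Decrypt(key, blob)
	fmt.Printf("with the right key: %q, err=%v\n", plain, err)

	// Wrong key: authentication fails and nothing is revealed.
	other, _ := NewKey()
	_, err = Decrypt(other, blob)
	fmt.Printf("with a different key: err=%v\n", err)

	// Tampered storage: a single flipped bit is detected.
	blob[len(blob)-1] ^= 0x01
	_, err = Decrypt(key, blob)
	fmt.Printf("after tampering: err=%v\n", err)
}
```

The design point for a practice is the last two checks: a laptop or backup drive protected this way gives an attacker who copies the data nothing usable, and a lost or stolen device whose PHI was encrypted with a key the thief does not have is treated very differently under the breach rules than an unencrypted one.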
