in HIPAA Headlines by John Brewer

Ok, hold on…
Let me add – Probably.

Shall I start over?

How about this…I’ll bet your HIPAA training is woefully insufficient.

I’m basing this statement on some basic observations.

You see, every year we do upwards of 100 Security Risk Assessments for private practices and business associates.

One of the first questions we ask is: do you have a designated HIPAA Security Manager?
If so, the follow-up is: What formal HIPAA training does this person have?

Generally, some vague answer about online training is supplied.

The next few questions in our risk assessment make it clear that either the training is no good or
the person has not put any effort into what they learned.

What do I mean?
Well, if you have been through some formal HIPAA training, you’d know some basics like:
The office should have a set of HIPAA policies…
The office should have a disaster & contingency operations plan…
The office should have a business associates agreement…
The office should have the notice of patient privacy readily available…
Oh, there’s more.

It is time to stop just checking boxes and take HIPAA compliance seriously…or…it could get ugly.

