One of the more common situations we encounter with new clients is that their documented policies don’t reflect their actual operations. The clearest example is a new client whose written password policy says passwords reset every 45 days, while the actual setting is every 90. Inconsistencies like this make you less secure, and they also leave you vulnerable to HIPAA penalties.
It’s easy to see how these situations occur. An IT person may have made the change at the request of an administrator, but unless one of them updates the written policy, the policy will be incorrect and you can be fined for that. In other cases, for HIPAA compliance, one vendor may have supplied the policies while another vendor handles the risk assessment. If those policies don’t get properly implemented, in coordination with your other vendors, then you’re violating basic cybersecurity principles and you’re not HIPAA compliant.
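One way to catch this kind of drift before an auditor does is to check the configured value against the documented one automatically. The following is an added example, not code from the original page or from the vendor; it assumes the "actual setting" lives in a Linux /etc/login.defs file (the page does not name the system), and the file contents below are constructed for illustration.

```python
import re

# Constructed sample of an /etc/login.defs fragment (not from the page):
# the written policy says 45 days, but the host is actually set to 90.
SAMPLE_LOGIN_DEFS = """\
# Password aging controls (constructed example)
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7
"""

# shadow-utils treats a missing PASS_MAX_DAYS as 99999, i.e. passwords
# effectively never expire, so an absent key is itself a finding.
DEFAULT_PASS_MAX_DAYS = 99999


def parse_pass_max_days(login_defs_text):
    """Return the effective PASS_MAX_DAYS from login.defs content.

    Comments and blank lines are ignored and the last assignment wins,
    matching how the file is read top to bottom. Falls back to the
    shadow-utils default when the key is absent.
    """
    value = DEFAULT_PASS_MAX_DAYS
    for raw in login_defs_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^PASS_MAX_DAYS\s+(\d+)$", line)
        if match:
            value = int(match.group(1))
    return value


def check_policy_drift(documented_max_days, login_defs_text):
    """Compare the documented rotation interval with the configured one.

    Returns a dict so the result can be logged or fed to a compliance
    tracker. A configured value larger than the documented one means
    passwords live longer than the written policy promises.
    """
    configured = parse_pass_max_days(login_defs_text)
    return {
        "documented_max_days": documented_max_days,
        "configured_max_days": configured,
        "drift": configured != documented_max_days,
        "weaker_than_policy": configured > documented_max_days,
    }


if __name__ == "__main__":
    finding = check_policy_drift(45, SAMPLE_LOGIN_DEFS)
    status = "DRIFT" if finding["drift"] else "OK"
    print(f"{status}: policy={finding['documented_max_days']}d "
          f"configured={finding['configured_max_days']}d")
```

On a real host you would read `/etc/login.defs` instead of the constructed sample, and keep the documented value (45 here) in the same place as the written policy so the two cannot silently diverge again.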
If you want to work with a leading end-to-end HIPAA compliance company, please call us; we are happy to be of service.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of the workforce (including management). Have your team sign up for the weekly HIPAA Security Reminder to help stay compliant.