To help physicians, David Ginsburg, president of PrivaPlan Associates Inc., a consultant specializing in HIPAA, prepared a white paper for the California Medical Association on "Practical Steps Practices Can Take To Ensure HIPPA Compliance. Ginsburg writes that "most medical practices feel they have done all they need to satisfy HIPAA requirements" and are "reluctant to dedicate precious resources to additional compliance efforts."
He urges physicians to "routinely review system activity and conduct technical audits to monitor suspicious activity. Your practice management system should have auditing capabilities to track employee activity and patient accounts."
"A number of gaps can expose medical practices to patient identity theft and violation of state laws," he writes. "It is more critical than ever that physicians review their current policies and procedures" to determine if upgrades are necessary. The best defense, Ginsburg advises, is "not to have a privacy or security violation occur."