This entry is part 15 of 59 in the series Complete Guide to HIPAA Security Final Rule

(ii) Implementation specifications:

 (A) Security reminders (Addressable).  Periodic security updates.

Tell Me More:

The Security Reminders implementation specification requires covered entities to address implementing procedures for providing periodic security updates to members of the workforce. Periodically reminding employees of their security responsibilities is recommended. Security reminders are effective for reinforcing what has been learned through more formal security training. Periodic security reminders should roll out on a regular basis (e.g., at least quarterly) to ensure the workforce is up to date on all security issues.

Questions to consider:

  • Does the organization provide periodic security updates, related to both ePHI and other PHI? If not, do they make sense for the organization?
  • What media are used and what media are best for providing the updates, e.g., e-mails, posters, memoranda, Intranet, and newsletters? The organization should consider using a variety of approaches to reinforce key security policies and procedures.
  • How are security update topics selected and by whom? Security reminders should address problem areas. How often are security updates provided and by whom? Make sure developing and delivering periodic reminders is assigned to appropriate staff.
  • Does the organization provide periodic “refresher” training? Is this training documented? Periodic refresher courses are an effective way to make sure workforce members understand the organization’s policies and procedures address common concerns.


Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years of legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights, where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations, and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.