Asset Management Program

Nov 8, 2022 | asset management, Healthcare Industry, HIPAA Audits, HIPAA Violations, HSN, Security Reminders

Healthcare Asset Management Program

Having an asset management plan is essential to your healthcare business.  Similar to how you’d want a list of your household items for insurance coverage in the event of theft or loss, you need to know the details and access them quickly. Especially if an item goes missing or breaks.  It is likely that your IT department oversees this part of your business since it will predominantly include technology devices.  Additionally, you should be sure that your program addresses all of the requirements of the HIPAA Security Rule.

Creating an Effective Asset Management Program

The goal of the program is to maintain and track devices.  The first step would be to create an inventory list that is updated whenever an asset is:

  1. Added
  2. Retired
  3. Broken or Damaged
  4. Lost or Stolen
  5. Transferred to a new employee or location

Each item should be listed with the device name (manufacturer and model), employee(s) that use or have access to the device, date of purchase, and software details that are on the device. This allows for updates to be applied when available, or replacements to be made when the device contains a program that is no longer supported.  This will reduce the risk of a breach in multiple ways.   It is also important to track updates made to each device.  Knowing whether or not data was encrypted on a lost laptop is information you want to have easily at hand when the loss occurs. Additionally, if a developer no longer supports a program due to security risks, you would need to know which devices are using that program.

Policies & Procedures

Your organization should outline how processes are addressed if any one of the occurrences listed above takes place.  For example, if an employee loses a device, what is the first thing that they should do?  Provide employees with clear and concise steps on who to contact immediately.  Being able to remotely wipe a device is critical if it has access to ePHI. The policies and procedures should be acknowledged by everyone on the team.

Contact HIPAA Secure Now to see how we offer solutions that can help your healthcare business. We work to identify any gaps in your HIPAA and cybersecurity programs, and then provide solutions to mitigate the risk of a breach.

The post Asset Management Program appeared first on HIPAA Secure Now!.

Skip to content