
HIPAA requires Covered Entities and Business Associates to provide “security reminders” to workforce members. The idea with these reminders is to increase security awareness — that is, to safeguard protected health information (PHI) by keeping information security “top of mind.” Your reminders should be frequent, but the good news is that they don’t have to be boring.

In fact, if you provide reminders that your workforce will want to read, with attention-drawing graphics and a little humor, you can accomplish a lot with something very simple. Reminders should focus on key practices that you expect every workforce member to follow — like setting good passwords, locking screens or logging off, or reporting a stranger in the office.

Dave Newell from Loptr LLC (listen to interview here) has shared two graphics that you can download. One that says “dOnkey…is not a good password” can be used as a screen saver or background. It makes a simple point about password strength with an example of a very bad password. The second is a more detailed poster that you might post on a bulletin board. “I Clicked What!” uses a comic format to hold attention while it reinforces the importance of quickly reporting possible security incidents.

Security reminders can be one of the easiest HIPAA requirements to meet, but too many providers fail to share reminders with their workforce members. You have to do it to comply with §164.308(a)(5)(ii)(A). But you should do it because frequent awareness messages remind your workforce to protect patient data.

For more information on National Cyber Security Awareness Month go to https://www.dhs.gov/national-cyber-security-awareness-month.