HIPAA Compliance Checklist

How Do I Become HIPAA Compliant?


September 23, 2013 is the deadline for complying with the new HIPAA regulations. Healthcare facilities and all of their business associates have been heeding HIPAA's rules and regulations for years, and as of September 23, entities that qualify as Business Associates, namely any subcontractor that handles protected health information (PHI), now need to be HIPAA compliant.

HIPAA Compliance Overview

The new regulations reflect the increased role technology has in the medical field. For instance, patients will now have the right to request electronic copies of privacy policies.

Here are the things business associates should have completed by September 23, 2013, to bring the facility into compliance with the IT regulations.

A risk analysis assessment should have been conducted to determine the vulnerabilities and risks of electronic PHI

Encryption policies should have been updated

Portable electronic device policies should have been updated

All data should be encrypted and only sent over secure connections


Employee HIPAA Compliance Checklist

All the effort poured into encrypting data and writing policies will be pointless if employees do not follow the policies and heed the new regulations. Every employee of a business associate, regardless of his or her position, should be briefed on the new rules regarding PHI.

By now, your company should have:

Trained all employees on the new regulations

Documented every employee's training

Even though all employees have been trained, it may still be a good idea to hold a brief meeting to remind everyone of the new regulations going into effect


Recovery Checklist

No matter how well-prepared a facility is for the new regulations, there are bound to be breaches. People will make mistakes. The best way to handle a breach is to immediately address the issue, report it appropriately and take action as necessary.

Before a breach occurs, your company should have:

Clearly defined how breaches are to be reported and to whom

Purchased breach insurance

If all of these steps have already been addressed, then you should be prepared for the new HIPAA regulations. Ignoring these items will only lead to penalties; take action today to bring your managed services business into compliance with the new regulations.

Please visit our HIPAA – HITECH Resources page for links to more information or return to the HIPAA Compliance page.