The 5 Steps to HIPAA Compliance

The HIPAA Privacy and Security Compliance Program

by
RHIA, CHPS

Published on

HIPAA compliance is recommended for all organizations that access, use, create, maintain, store or destroy Protected Health Information (PHI). Even organizations whose workforce may merely access PHI in networks or applications within their working environment, whether physical or technical, will typically need to be HIPAA compliant. It is up to each organization to do everything it can to follow both the Security Rule and the Privacy Rule, but there is no reviewing body that will certify your organization as compliant. Rather, compliance is the sum total of activities and documentation that together demonstrate you are compliant, and in doing so you also lower your liability for any privacy or security incidents or breaches.

The following 5 steps are the culmination of years of experience that CompliancePro Solutions™ has gathered in assisting hundreds of healthcare Covered Entities and Business Associates become increasingly HIPAA compliant. Although HIPAA privacy and security form a very complex set of rules with numerous detailed requirements to be implemented, the following is a general outline and simplification of these rules, building a foundation of best practices that have proven to lower liabilities and increase compliance:

  1. Train all workforce members who may be exposed to patient PHI.
  2. Complete a Security Risk Analysis (SRA), including creation of a prioritized Action Item remediation list.
  3. Tailor a Security Policy Manual for your organization and implement the policies and any related forms.
  4. Complete a Privacy Risk Analysis (PRA), including creation of a prioritized Action Item remediation list.
  5. Tailor a Privacy Policy Manual for your organization and implement the policies and any related forms.

Sounds simple enough, but of course the devil is in the details. It can take time to complete these steps and put your privacy and security compliance program in place. But once they are implemented, as long as you keep your training and documentation up to date and review your compliance program annually (using the latest version of your PRA and SRA), it is not difficult to remain compliant. CompliancePro Solutions is here to assist in getting your organization compliant and keeping you current with any changes in regulations. For more details about our HIPAA Privacy and Security Compliance program, contact us today.