How does your agency work towards HIPAA compliance?
Document Policies and Procedures
Every policy, procedure or process that affects protected health information needs to be documented. This ensures consistency across the company and prepares it for any future audits or investigations.
Perform HIPAA Risk Analysis
A Risk Analysis is required of all organizations to comply with HIPAA. Risk analyses should be performed every 3 years or after any significant changes to business operations or technology systems. As required by the Security Rule, a Risk Analysis should identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI.
Conduct HIPAA Training
Training your staff annually is a vital part of HIPAA compliance. It ensures that all employees are aware of the importance of privacy and security and how to handle a breach.
Monitor Business Associates
Maintain and monitor a list of business associates and subcontractors that have access to PHI. Issue Business Associate or Subcontractor Agreements with all parties that create, receive, maintain, or transmit PHI on your agency’s behalf. Document the date the agreements went into effect, and monitor any changes throughout the partnership.