There are three basic steps every organization should take to be HIPAA compliant:
1) Conduct a Risk Analysis. A Risk Analysis is the first requirement of the HIPAA Security Rule, and it is also a core requirement for Meaningful Use. A Risk Analysis provides a map to HIPAA compliance. Every organization subject to HIPAA must conduct a Risk Analysis and remediate gaps it identifies. Failure to conduct the Risk Analysis is a major HIPAA violation subject to fines and loss of Meaningful Use incentives.
2) Implement HIPAA documentation. Every medical practice is required to have updated HIPAA documentation, including policies and procedures, Business Associate Agreements, and the Notice of Privacy Practices. Few providers realize that documentation must be updated to reflect the requirements of the HIPAA Omnibus Final Rule of 2013. Note that documentation is included at no additional charge with Continuous Monitoring.
3) Complete HIPAA training. Every staff member who comes into contact with Protected Health Information must complete HIPAA Workforce Training annually. This brief, affordable training will help staff to understand the law’s requirements and provides practical advice on preventing breaches. The law also requires every covered organization to designate a Security Officer, a staff member who helps to ensure compliance. This individual should complete more comprehensive HIPAA Security Officer training.
For a complete HIPAA solution at a significant discount, consider our HIPAA Complete Compliance Bundle. SNC Squared provides all of the services you need to become HIPAA compliant. Please feel free to contact us at (417) 622-0933 with any of your HIPAA questions or support needs.