In last month’s issue of Endnotes, we covered the “why” of HIPAA compliance. Now let’s consider the “how.” How exactly do you review your HIPAA privacy and security compliance program and ensure that all the requisite bases have been covered?
Know Your Obligations
Your first step is to identify all your legal requirements. For privacy and security purposes, these are enumerated in the HIPAA Privacy, Security and Breach Notice Rules. You need to identify each requirement that must result in some “end product.” Depending on the requirement, that could mean a documented policy or procedure, a set of security reminders, training programs, a complaint process, an incident response plan, etc. If you’ve never asked a lawyer to review your program to determine whether each of these end products is addressed, this might be a good time to consider that step.
Please see full publication below for more information.