Achieving – and maintaining – HIPAA compliance is as complicated a venture as they come. The first question we get from many of the facilities we work with as their Managed Services Provider is where to begin with their own HIPAA compliance. Below are 5 of the most critical steps from our checklist to help you achieve and maintain HIPAA compliance. As you assess yourself, remember that HIPAA compliance is not a one-time focus. Healthcare facilities must live and breathe HIPAA compliance or potentially risk facing devastating penalties. Let’s see how you measure up:
- Perform required assessments
To achieve HIPAA compliance, healthcare facilities are required to conduct Risk Assessments and Vulnerability Assessments annually. Your goal is to identify 1) areas of non-compliance and
2) any controls that are not in place and then create a working Remediation Plan unique to your specific healthcare facility to avoid future risk. The right IT partner will help you conduct the required assessments and analyze the findings to provide you with the foundation for addressing and maintaining your facility’s HIPAA compliance.
- Develop HIPAA policies and procedures
All HIPAA compliant organizations must have up-to-date, written policies and procedures that dictate how ePHI is accessed, shared between organizations and with patients, and protected and securely stored. More importantly, these policies and procedures also need to be shared with your staff through an Ongoing Security Awareness Program, tested through routine procedures, and updated on an annual basis. Any HIPAA knowledgeable IT partner should be able to guide you in each of these areas and know which unique policies and procedures you need to address for your facility.
- Mitigate the risk
Compliance is an active, ever-evolving process, so simply establishing your policies and procedures once will not make you compliant. To mitigate your risk, you need to correct the areas that are currently non-compliant or provide documentation why the regulations are not “Reasonable and Appropriate” to implement. Your IT partner should manage implementation of these changes and monitor them closely throughout the year.
- Develop your disaster recovery plan
Planning in advance how you will access ePHI during an emergency situation is one of the most critical aspects of HIPAA Compliance. With the medical industry now heavily dependent upon electronic health records, medical organizations cannot provide necessary critical care without secure access to these vital records. A savvy IT partner will ensure and regularly test that you have a proper disaster recovery plan, including how long your server(s) can be down, how and where your data will be restored, and who should have can access to ePHI.
- Make HIPAA compliance a part of every day
In a nutshell, your facility must live and breathe compliance on a daily basis. Every staff member must know and understand your compliance policies and procedures and be able to identify and handle instances of non-compliance. In addition, you need to have an effective Ongoing Security Awareness Program to ensure that HIPAA stays top of mind and that important changes are effectively communicated. To ensure continued success, you need to make HIPAA compliance a part of your healthcare facility’s daily culture and choose an IT partner that has the ability to support and maintain these regulations.
So, how did you fare as you assessed yourself? If you’re like most Healthcare facilities, you may have found several areas you want to delve into more deeply to confirm your compliance.
These five steps will guide you through the complex process of becoming and staying HIPAA compliant. They will serve as the Compliance Roadmap for your facility to follow throughout the year. The right IT partner will be knowledgeable in all five of these areas and help ensure your active compliance.
If HIPAA compliance has you frustrated, don’t worry! We can guide you through the complete 12 Step HIPAA Compliance Checklist we use with clients and provide you with an action plan to achieve and maintain your compliance. Let us know if you’d like to explore your Compliance Roadmap together.
Progressive Computer Systems, Inc. was founded in August 1987 by Lisa Mitchell and Mark Michal in the Research Triangle Park area of North Carolina. Over the past 30 years, Progressive Computer Systems, Inc. has focused on building a professional, certified staff that is committed to excellent customer service, has established long-term partnerships with clients based on trust and integrity, and continues to provide a proactive, strategic approach to IT for all their clients. To find out more, visit www.pc-net.com or call 919-929-3080 x 228.