Self-Audits. HIPAA requires you to conduct annual audits of your practice to assess Administrative, Technical, and Physical gaps in compliance with HIPAA Privacy and Security standards. Under HIPAA, a Security Risk Assessment is NOT ENOUGH to be compliant. This is one opportunity to utilize HIPAA compliance audit software.
Remediation Plans. Once you’ve identified gaps through your self-audits, you must implement remediation plans to correct the compliance violations you found.
Policies, Procedures, Employee Training. To avoid compliance violations in the future, you’ll need to develop Policies and Procedures corresponding to HIPAA regulatory standards. These policies and procedures must be regularly updated to account for changes to your organization. Annual staff training on these Policies and Procedures is required.
Documentation. Your organization must document the efforts you take to become HIPAA compliant, such as using HIPAA security software. This documentation is critical during a HIPAA investigation with HHS if you want to pass your HIPAA audit.
Business Associate Management. You must document all vendors with whom you share PHI, and execute Business Associate Agreements to ensure PHI is handled securely and mitigate liability. BAAs must be reviewed annually to account for changes to the nature of your relationships with your vendors.
Incident Management. If your practice has a data breach, you must have a process to document the breach and notify patients that their data has been compromised in accordance with the HIPAA Breach Notification Rule.