HIPAA for Providers: Self-Audits
Healthcare providers are required to conduct six self-audits annually. Self-audits assess the administrative, physical, and technical safeguards that your organization has in place to secure protected health information (PHI).
◈ IT Risk Analysis Questionnaire: meant to create a standard device installation and setup process across your entire organization.
◈ Security Standards: ensures that your organization’s security policies are in line with HIPAA requirements.
◈ HITECH Subtitle D: ensures that your organization has proper documentation and protocols in relation to Breach Notification.
◈ Asset and Device: an itemized inventory of devices that contain ePHI. The device and asset list includes who uses each device and how your organization is protecting it.
◈ Physical Site: each physical location must be assessed to determine if there are measures protecting PHI such as locks or alarm systems.
◈ Privacy Assessment: assesses your organization’s privacy policies to ensure that PHI is used and disclosed in accordance with HIPAA.
Compliancy Group’s HIPAA tracking software allows you to complete all of your required self-audits, automatically identifying gaps in your business practices. We also remind you each year when it is time to update your self-audits to reevaluate your business practices, ensuring that you account for any changes that may affect the safeguards you have in place.
HIPAA for Providers: Gap Identification and Remediation
By completing your self-audits, gaps in your safeguards are identified. To be HIPAA compliant, you must address your gaps with remediation plans. Remediation plans create a framework for you to address your deficiencies, bringing your safeguards up to HIPAA standards.
Once you have completed your self-audits in our HIPAA software, gaps are automatically identified. Then our Compliance Coaches create remediation plans for you to implement, allowing you to close your gaps.
Do You Need Help Conducting a Gap Analysis?
Compliancy Group offers clients a full HIPAA compliance program, including self-audits that identify your compliance gaps. Our Compliance Coaches™ assess your gaps, creating remediation plans to bring your safeguards up to HIPAA standards. Find out more about gap analysis in healthcare, and how we can help you Achieve, Illustrate, and Maintain™ your compliance.
HIPAA for Providers: Policies and Procedures
Policies and procedures dictate the proper uses and disclosures of PHI by staff members. They also describe the safeguards you have in place to protect PHI. Policies and procedures identify your Privacy Officer, Security Officer, and Compliance Officer. Your policies and procedures should include a section on how to report a suspected breach and to whom it should be reported.
Compliancy Group’s HIPAA software allows you to create custom policies and procedures with help from your Compliance Coach. HHS requires you to have policies and procedures that are made specifically for your organization; since businesses operate in different ways, custom policies and procedures ensure that you have covered the full extent of HIPAA law. You are required to review and edit your policies and procedures annually to ensure that they are still in line with your business practices. With Compliancy Group as your HIPAA platform, you are reminded when it is time to do so.
HIPAA for Providers: Employee Training
Employee training educates staff members on HIPAA requirements, the proper uses and disclosures of PHI, how to recognize a possible breach, who breaches should be reported to, and how social media is permitted to be used. To be HIPAA compliant, you are required to conduct employee training annually.
Our HIPAA platform includes all of the required annual training. Utilizing the Guard HIPAA software, administrators are able to track each employee’s individual progress. Additionally, employees are able to legally attest that they have read and understood all of the training material.
HIPAA for Providers: Business Associate Management
To be HIPAA compliant, you must vet your vendors to ensure that they are adequately protecting the PHI that they create, receive, maintain, store, or transmit on your behalf. If you fail to vet your vendors, in the event that they experience a breach, you will be held accountable. Once vendors have been vetted, the next step is to send them business associate agreements (BAAs). A BAA is a legal document that dictates the safeguards the business associate must have in place. It also limits the liability for both signing parties in the event of a breach as it states that each party is responsible for maintaining their own compliance. Lastly, a BAA determines which party is responsible for reporting a breach, should one occur.
Our HIPAA software allows you to send vendor questionnaires to all of your vendors, assessing their safeguards. Once vendors have completed their questionnaires, their responses are automatically uploaded to our HIPAA software. As with your self-audits, vendor questionnaires identify vendors’ gaps so that they may address them with remediation plans. If a vendor is unwilling to implement remediation plans, you should consider working with a different vendor, as you would be held liable if they experienced a breach. We also provide you with BAAs, and store your signed BAAs in our HIPAA software.