Your HIPAA Compliance Guide

HIPAA is a complex set of regulations that organizations working with protected health information (PHI) are required to comply with. Since compliance consists of several components, it can be difficult to navigate without help from an expert. A HIPAA compliance guide provides HIPAA-beholden entities with the information they need to build their compliance program.

HIPAA Compliance Guide: How to Achieve Compliance

To achieve HIPAA compliance, organizations must implement an effective HIPAA compliance program. 

The components of an effective compliance program are as follows:

Self-audits. Organizations working in healthcare are required to conduct annual self-audits. Covered entities are required to complete six, while business associates must complete five. Conducting self-audits allows organizations to measure their administrative, physical, and technical safeguards against HIPAA standards.

Gap identification and remediation. By conducting self-audits, gaps in safeguards are identified. To be HIPAA compliant, organizations must address gaps with remediation efforts. Remediation efforts ensure that an organization’s safeguards are brought up to HIPAA standards.

Business associate management. Organizations must ensure that business associates are adequately safeguarding the PHI that they receive, transmit, create, store, or maintain on behalf of their clients. As such, organizations must vet their vendors by sending them a vendor questionnaire. A vendor questionnaire is similar to a self-audit in that it assesses safeguards. In addition, before working with a business associate, organizations must have a signed business associate agreement (BAA). A BAA is a legal document that dictates the safeguards that the business associate must have in place. A BAA also limits the liability for each signing party, as it states that they are both responsible for maintaining their own compliance.

Policies and procedures. To ensure that an organization is adhering to HIPAA standards, it must have policies and procedures. Policies and procedures dictate the proper uses and disclosures of PHI. Policies and procedures must be customized for each organization to account for nuances in the way its business operates.

Employee training. Employee training is an essential component of HIPAA compliance. Employees must be trained on their organization’s policies and procedures, as well as HIPAA standards.

Incident management. Organizations that experience a breach are required to report the incident. Breaches must be reported to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) and to affected patients. If the breach affects 500 or more patients, it must be reported to the media as well.

HIPAA Compliance Guide: How to Illustrate Your Compliance

Having a HIPAA compliance program in place doesn’t mean much if the organization doesn’t have the documentation to prove it. Organizations that are subject to a HIPAA audit are asked to prove their good faith effort towards compliance. Compliancy Group’s clients have the ability to illustrate their good faith effort through our HIPAA compliance software, The Guard.

Documentation in The Guard:

Completed self-audits

Remediation plans

Written policies and procedures

Signed business associate agreements

Signed confidentiality agreements

Employee training attestation

Clients that complete our HIPAA compliance implementation process are eligible to receive our Seal of Compliance (SOC). Our SOC is an industry-recognized HIPAA verification tool.

HIPAA Compliance Guide: How to Maintain Compliance

It’s not enough to implement a HIPAA compliance program; you have to maintain your compliance. HIPAA compliance is an ongoing effort that needs to be reviewed annually, or whenever you make a change to the way your business operates.

Review policies and procedures. To account for any changes in an organization’s business processes, it must review its policies and procedures annually. If there are any changes, policies and procedures must be adapted.

Review BAAs. As with policies and procedures, BAAs must be reviewed annually to account for any changes in the business relationship. If anything has changed, the BAA must be adjusted.

Retrain employees. HIPAA requires employees to be trained annually to ensure adherence to HIPAA standards and their organization’s policies and procedures.

HIPAA Compliance Guide: How to Leverage Your Compliance

Compliancy Group’s Seal of Compliance (SOC) is given to clients upon completion of our implementation process. Our Compliance Coaches™ review your compliance program to ensure that you have everything in place to be HIPAA compliant.

Once your compliance efforts have been verified and validated by our HIPAA experts, you will receive our Seal of Compliance Package. Within the package is a letter that verifies your completion of the process. There are also instructions on how to add our SOC to your email signature and website. The package also contains a SOC certificate that you can proudly display in your organization’s physical location. For covered entity clients, the SOC shows patients that you care about protecting their PHI. For business associate clients, the SOC shows your covered entity clients that you can be trusted with their patients’ PHI. 

SOC in your email signature. Having the SOC in your email signature displays your dedication to HIPAA compliance to anyone that you have email communication with.

SOC on your website. Displaying the SOC on your organization’s website differentiates your organization. Patients, prospective patients, covered entity clients, and prospective covered entity clients that visit your website will see the SOC on your website and know that they can trust you with their sensitive information.

SOC certificate. By displaying the SOC certificate in your office, patients and clients see your dedication to HIPAA compliance, giving them peace of mind that they have chosen the right organization for their needs.

HIPAA Compliance Guide: Compliance Support

Navigating the complexities of HIPAA compliance can be difficult to do on your own. This is why Compliancy Group’s expert Compliance Coaches guide clients through the process of implementing an effective compliance program.

Guided meetings. Our team of HIPAA expert Compliance Coaches is there every step of the way to assist clients in creating and implementing their HIPAA compliance program. Through a series of virtual meetings, Coaches guide clients through our simplified process, enabling clients to implement an effective compliance program in as little as 14 days.

Audit support. Clients that are subject to an audit have full support from our team. We provide all of the documentation that you need to illustrate your good faith effort towards HIPAA compliance. Clients can have confidence that we have their back as we have never failed an audit on behalf of our clients!

Verify and validate. Upon completion of our implementation process, our Coaches verify and validate your HIPAA compliance program.