Steps for Implementing a Successful HIPAA Compliance Plan

by Hunny Jaswal, Technical Writer

The Health Insurance Portability and Accountability Act (HIPAA) exists to protect Protected Health Information (PHI). Every covered entity must comply with the HIPAA Privacy Rule and the HIPAA Security Rule. Compliance is not a one-time event but a documented, repeatable procedure. The steps required to implement a successful HIPAA compliance plan are as follows:

Step 1 - Appoint a Privacy Officer and a Security Officer - it is essential that your company designates someone accountable for implementation. In a small organisation one person can hold both roles; in a larger one the Privacy Officer and Security Officer should be separate people, since the two roles cover different rules and different evidence. The officer(s) are responsible for implementing and maintaining the Compliance Plan. HIPAA requires these designations to be made and documented, so if the post is vacant the company is already non-compliant regardless of what other controls are in place.

Step 2 - Risk assessment - this step examines your workplace, systems and electronic devices to identify the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI held by the covered entity and its business associates. Threats to PHI include natural disasters, fire, theft, human error, insider misuse and malicious hacking, and the assessment should consider each of them. The risk assessment can be carried out by an internal officer or by an outside firm, or by a combination of the two. If you do it internally you will need a risk assessment tool or methodology and a way to record the findings, since the assessment must be documented to count. The internal option is usually cheaper than hiring outside help. The assessment is not a one-off: it must be revisited after a breach or security incident, and whenever there is a significant change to systems, vendors or the way PHI is handled.

Step 3 - Privacy and security policies and procedures - after the risk assessment, create the blueprint for achieving HIPAA compliance. The Compliance Plan must include written policies and the procedures that put them into practice, addressing the risks the assessment identified. Policies and procedures must be reviewed and updated regularly to keep PHI safeguarded, and whenever they change, the affected employees must be trained on the change. Keeping these documents current is essential, because lack of awareness is never accepted as an excuse for non-compliance.

Step 4 - Business Associate Agreements - every practice relies on vendors and contractors to run the business. Under HIPAA, any person or entity outside your organisation that creates, receives, maintains or transmits PHI while performing services on your behalf is a business associate, and the Privacy and Security Rules have specific requirements for them. Business associates can include IT vendors, email encryption providers, laboratories, web hosts, cloud and backup providers, billing services and so on. Review each business associate before you enter into a contract: ask to see their Compliance Plan, their most recent risk assessment and evidence that their own staff are trained. Only engage vendors that can show a working Compliance Plan, and execute a written Business Associate Agreement (BAA) with each of them before any PHI is shared.

Step 5 - Training employees - with the risk assessment, the privacy and security policies and the Business Associate Agreements in hand, the next step is to train the employees. Staff need regular training on the Compliance Plan and the HIPAA rules, at hire and whenever the policies change, and the training should be recorded. Employees are often the weakest link through which information leaks, so they need to be well trained and the training must be documented.

The Security Rule covers electronic PHI, which is a subset of the PHI that the Privacy Rule covers. For small firms a single officer can be responsible for compliance; in large firms there should be a separate officer for the Privacy Rule and for the Security Rule. A documented risk assessment must be carried out to identify the threats present in the company, and the results used to write the policies and procedures that implement the Privacy and Security Rules. Third parties and business associates also have to comply, and must sign a Business Associate Agreement; otherwise the covered entity itself is non-compliant.

Created on May 7th 2020.