What is the key to success for HIPAA compliance? HIPAA requires every covered entity and business associate to have Administrative, Physical and Technical safeguards to protect the data they hold. These rules are detailed and thorough. It sounds like a lot, but it’s not complicated when broken down into steps. To make sure you have all the safeguards in place, you start with a Risk Analysis using the following steps:
- Review your HIPAA policies to make sure they are up-to-date and complete
- Provide staff training to familiarize them with the policies they need to know about depending on their job responsibilities.
- Do an inventory of all the locations of protected health information (PHI), both electronic and non-electronic, and
- Review the vulnerabilities and threats to PHI security
A security risk assessment is part of a full Risk Analysis, covering all the requirements of the HIPAA Security Rule. The Security Rule Checklist in The HIPAA E-Tool® covers everything you need. Each step is important, and together they ensure the safety of protected health information (PHI).
