compliance checklist 1

HIPAA Checklist for 2023

Strengthen your compliance by focusing on these top priorities in 2023. Learn the most efficient way to accomplish the most to keep patient data safe and avoid enforcement issues.

Update Your HIPAA Risk Analysis

A top enforcement priority of HIPAA regulators is the annual risk analysis. A security risk assessment is key, but the full HIPAA risk analysis is more comprehensive, addressing your organization’s physical layout, staffing and the human resources side of compliance. For a deep dive on the security risk assessment part, see how The HIPAA E-Tool® organizes the Security Rule Checklist.

A Risk Analysis should be completed annually, documented and archived. For a jump start on how to get this done, see HIPAA Risk Analysis Checklist

Review Your HIPAA Policies

You may find policy changes are required based on what’s discovered in the Risk Analysis, so do that first.

HIPAA policies and procedures need to be up-to-date. Make sure yours reflect current HIPAA regulations. Later this year you may need to modify your policies because changes are coming. But for now, review them to make sure they’re in sync with current law and then the changes will be easier to make in coming months.

Strengthen Workforce Training

Staff are both the strongest defense and weakest link when it comes to protecting patient data and maintaining compliance.

HIPAA requires training and it should be tailored to fit the person’s job responsibilities, so it is not one-size-fits-all. Everyone should receive cybersecurity awareness training, but beyond that, make sure staff who work with patients understand, for example, the patient right of access rules, a top HIPAA enforcement priority. The person responsible for evaluating PHI breaches should be trained on the breach notification rule and have the right procedures in place to manage and report breaches.

All staff should receive training when they’re onboarded and periodically afterward, at least once a year.

Prioritize Resources for IT Staff

Review whether IT staff has the resources needed to maintain cybersecurity in top shape. They should be receiving the most up-to-date information about health data security – this changes rapidly but there are critical resources available, from HC3, CISA, HHS and the FBI. None of these resources are trying to sell you services and they are dependable with news you need to know about how to protect data. They publish alerts, warnings, and detailed guidance about how to respond to specific threats. Here is an example of one from HC3 published earlier this month about Royal and BlackCat ransomware threats to healthcare.

Business Associate Due Diligence

Healthcare business associates are priority targets of cyber thieves because they usually have multiple covered entity customers and have so many more files or bits of information in one place.

Make sure you know which of your third party vendors are business associates, or if you are a business associate, do you have subcontractor business associates? Conduct your due diligence and review whether you have up-to-date business associate agreements (or subcontractor BAAs) in place with each.

The HIPAA E-Tool® Can Help

An efficient, modern easy to use tool that automates compliance and teaches you what you need to know is waiting for you.

But if you just have a question about how to improve compliance, let us know. You don’t have to buy anything to ask a question or watch a demo. We can help.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

Office
8820 Ladue Road Suite 200
St. Louis, MO 63124

Big HIPAA PRIVACY RULE Change in...

Days
Hours
Minutes
Seconds