5 key steps of HIPAA compliance
 


The 5 Key Steps of HIPAA Compliance from the Compliancy Group


Document Transcript

In a recent interview with Becker's Hospital Review, our CCO Bob Grant highlighted what is necessary for healthcare providers to achieve, illustrate and maintain HIPAA compliance in 5 easy to understand steps.

1. Perform a "true" risk analysis. To understand system vulnerabilities, healthcare providers have to do an internal risk analysis or hire an outside auditor to perform a risk analysis for them. To perform a "true" risk analysis, the provider has to be able to say "no, we don't comply with a certain part of the regulation," says Mr. Grant. Although many healthcare providers are hesitant to admit they are not HIPAA compliant, honestly answering risk analysis questions is necessary to ascertain what a system's weaknesses are, adds Mr. Grant.

2. Have a remediation plan. Healthcare providers need to use the information from the risk analysis to develop a plan to resolve its vulnerabilities, says Mr. Grant. Along with the remediation plan, providers also need to track the documentation that shows the non-compliance issue was fixed. There are tools available that help providers track the documentation, and healthcare systems with multiple facilities should utilize the tools to simplify the process, adds Mr. Grant.

3. Have vendor management protocols. Healthcare providers need to have a valid business associate agreement in place with all vendors they are sharing patient information with, says Mr. Grant. Providers should send vendors a HIPAA security audit to ensure the vendor is in compliance with the HIPAA security rule. It is important for healthcare providers to address all vendor non-compliance issues because "if you act like an ostrich and put your head in the sand, HHS will come down on you hard," adds Mr. Grant.

4. Update documents. The HIPAA omnibus rule requires healthcare providers to have a manual containing current policies and procedures addressing each part of the omnibus rule — such as business associate agreement monitoring and sanction strategy. Providers' policies and procedures must be updated "periodically," and it is good practice to update with federal government rule changes or every two years, says Mr. Grant. "You may not have to change the manual when it's reviewed, but you at least have to review the policies and track that you did by at least changing the revised date," adds Mr. Grant.

5. Have an incident management plan. "Everyone has a security incident, it's the nature of healthcare, and security incidents can happen at any organization," says Mr. Grant. The healthcare industry relies on phones, fax machines and other electronic devices that are often compromised and lead to data breaches. As an incident response measure, healthcare providers need to keep accurate records — such as employee HIPAA training documents and audit logs — to determine what information was compromised during a breach and to be able to track the incident to the responsible party, adds Mr. Grant.

- Bob Grant, CCO at Compliancy Group and former HIPAA auditor