Five steps to achieving Health Insurance Portability and Accountability Act
(HIPAA) compliance
Anita Jones
MHA 690 Health Care Capstone
Instructor: Sherry Grover
May 27, 2013
I. Complete a Risk Assessment
• Gives an organization a precise plan for HIPAA compliance
• Reveals the steps to plan toward compliance
• Must cover all mechanisms that generate, store, maintain, or transmit ePHI
• Fine-tuning the password policy; repositioning, covering, or using a privacy screen for the monitor
• Devices that are not network-connected are not exempt from HIPAA privacy/security regulations or from the risk of compromise
II. Collaborate with Stakeholders
• Necessary among decision-makers for rewarding and continuing changes to privacy/security regulations
• Protects against insufficient or unlikely standards
• Every department contributes useful input on selecting the proper mechanism and exposing all possible shared risks
• Accountability factor: discourages blaming within departments
III. Craft Policies that Reflect What you Want to Accomplish
• Standards linked to HIPAA regulations must be system-wide and sufficiently comprehensive
• Policy development and application must be a shared effort across numerous hospital departments
• Compose a comprehensive, hospital-wide procedure, including allowances for added degrees of protection
• Required specifications: need proper evaluation, protections, and mandatory implementation per the HIPAA Security Rule
• Addressable specifications: must be assessed for implementation and may not be needed for risk reduction, e.g., encryption (is broken with a password)
• Do not impose unfeasibly demanding self-regulation when privacy policies are sufficient at a lesser level
• Worse than having no policy is an unenforced policy
IV. Review Purchases of IT and Medical Equipment from a Risk-management
Perspective
• Request an adequate number of decision-makers, with the aim of emotion being forced out by logic
• Consider financial matters when making capital-purchasing decisions, i.e., purchase price and total cost of ownership
• Consider security standards: is security built into the product? How will it connect to the network?
• Updated software is central to safeguarding privacy/security
V. Develop a Culture of Accountability
• Accountability comes in return for collaboration
• Encourage departments to foster the practice of reporting difficulties
• Diligent efforts to achieve/maintain HIPAA compliance up front will prevent catastrophic fines later
• Advance planning with collaboration reduces errors
• The occurrence of a breach is a learning opportunity for future improvement
References
Reber, E. (2011). Five steps to achieving HIPAA compliance. Biomedical Instrumentation &
Technology, 45(5), 360-3. Retrieved from
http://search.proquest.com/docview/903774854?accountid=32521
www.interestingspree.com
www.care2.com
www.fanpop.com
www.funventure.blogspot.com
www.nigpost.com
www.popartuk.com
www.wallcycles.com
www.wallsave.com

Editor's Notes

  • #2 Photo by: www.wallcycles.com
  • #3 Photos by www.care2.com
  • #4 Photo by: www.popartuk.com
  • #5 Photo by: www.funventure.blogspot.com
  • #6 Photo by: www.nigpost.com
  • #7 Photo by: wallsave.com
  • #8 Photo by: interestingspree.com
  • #9 Photo by: www.fanpop.com