There are just a few requirements in the statutes, like too many to count, along with various interpretations and opinions. The Federal Government is famous for many things, but specificity is not one of them. So maybe you got the silly idea that you could figure out what is critically important and make certain that at least that stuff is done.
So, HCP has done it for you. We will not mislead you. The law is the law and it has requirements and they are all important. However, these three things are critical:
- Implemented Policies and Procedures
Without these, you have no compliance plan. They must be written and everyone must be trained on them. Speaking of written, training records must be kept to prove that everyone in a practice has read your policies and procedures. You can't force people to do this, but you can terminate your relationship with them if they choose not to do it.
- A Completed and Current Security Risk Analysis
Have you ever been figuratively bitten on your rear extremity? It hurts. And in this case, it can hurt to the tune of thousands of dollars, or worse. A comprehensive gap analysis can, in the worst case, save your practice; and in the best case, make it easier to sleep at night. Yes, you might very well create some work for yourself in reacting to any deficiencies you uncover, but isn't it better to know what's wrong or missing than to be stupid and at risk?
- Documentation of Everything
You know the adage, "If it isn't written down, it didn't happen"? (Wouldn't it be nice if that were literally true, considering some of the things you did in your younger days?) Anyway, a suspected incident, a breach, a needlestick, a disclosure, a mailing, email, voicemail or FAX error, etc., all need to be documented, along with the corrective action(s) taken. If you have a question about the importance of any event, document it... every time. The rule is: it's all important. This policy can literally be invaluable when and if proof is required. Documenting keeps you safe.
Why These 3 HIPAA Security Components?
HIPAA can be complex, confusing, and downright frustrating. After reviewing the technical, administrative, and physical requirements of HIPAA security, you may have a massive headache. At Healthcare Compliance Pros, our goal is to focus on making HIPAA compliance easier to navigate. Our program makes it easier for each employee at your practice to understand their role in securing PHI. We help you stay on top of HIPAA requirements and improve the PHI security within your organization.