Proactive HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law that establishes national standards to protect individuals’ medical records and other personal health information. The law applies to health plans, clearinghouses, health care providers, and related entities that conduct health care transactions electronically. The Department of Health and Human Services (HHS) implemented the Omnibus Rule in 2013 to strengthen these privacy and security standards. As healthcare relies more heavily on technology, understanding HIPAA regulations becomes increasingly critical for stakeholders. The key requirements are summarized below.

HIPAA Requirements for Covered Entities and Business Associates

  • Participants in Medicare MIPS and Medicaid Meaningful Use programs must, in most cases, complete and upload a Security Risk Assessment (SRA) upon attestation, and remediate any deficiencies the SRA identifies.
  • Similarly, covered entities must ensure that their Business Associates maintain documentation demonstrating HIPAA compliance and accountability.
  • Both Covered Entities and Business Associates are subject to audits.
  • The SRA should be completed at least annually, and again whenever a significant organizational change occurs.

Key Elements of the HIPAA Compliance Process

HIPAA auditors routinely look for deficiencies and request additional documentation to verify your continued and strengthened participation in HIPAA compliance. Below are some of the key requirements from a compliance-process standpoint.

  • Implementation and management of HIPAA policies and procedures, including the definition of requirements
  • Evaluation of the organization’s HIPAA compliance status, including documentation of risks and the remediation plan and actions
  • Identification and documentation of breaches and instances of non-compliance with HIPAA’s privacy and security rules, including logging and reporting of issues
  • Central administration of all HIPAA-related data, documentation, and information
  • Consistently updated HIPAA agreements between covered entities and business associates

Self-Assessment Questions for HIPAA Compliance

To evaluate whether you are meeting the minimum requirements for HIPAA compliance, ask yourself the following:

  • Did you conduct a Security Risk Assessment in 2019 and address its findings with your IT team?
  • If you have a wireless network, are security controls defined and enabled, such as securing access points and encrypting data?
  • Do you have an updated HIPAA agreement from each of your Business Associates or Vendors?
  • Do you have documentation of what updates or changes have been implemented to improve your HIPAA compliance?
  • Are your employees trained regularly on HIPAA compliance and secure technology used to guard against external threats?

If you answered “No” to any of the above questions, you may want to consider getting help navigating the HIPAA rules and regulations. You are welcome to get in touch with one of our well-versed HIPAA consultants for a complimentary consultation.

By: Tiffany Short, Director of Consulting Services