emPower

What is Hipaa Compliance ? What are the checklists + Objectives + Rules & more

What is Hipaa Compliance

HIPAA compliance is adherence to the physical, administrative, and technical safeguards outlined in HIPAA, which covered entities and business associates must uphold to protect the integrity of Protected Health Information (PHI).

HIPAA Compliance Checklist

  • Establish a HIPAA Compliance Committee
  • Review HIPAA guidelines
  • Perform gap analysis to identify areas of concern
  • Build and execute a plan to address security gaps
  • Review key vendors’ interactions with PHI
  • Perform ongoing monitoring and audits
  • Establish data breach incident response protocols
  • Perform HIPAA training
  • Regularly evaluate compliance and review HIPAA updates
  • Ask subject matter experts for assistance

Objectives of HIPAA Training

HIPAA training is designed with specific goals in mind:

  • Educating employees about the nature and purpose of HIPAA.
  • Informing them about patients’ rights.
  • Teaching the significance of keeping medical data confidential.
  • Making them aware of the repercussions of failing to comply.

The Objective of HIPAA Workforce Training

  • Minimizing the chances of unintentional HIPAA breaches
  • Building patient confidence through staff education
  • Lowering the likelihood of information security incidents
  • Showcasing commitment to complying with regulations

Three Rules of HIPAA

HIPAA Privacy Rule

  • Ensure patient confidentiality
  • Keep track of disclosures
  • Disclose the minimum amount of information
  • Notify individuals of the uses of their PHI

HIPAA Security Rule

Implement and maintain best practices to protect patients’ PHI and ePHI with:

  • Administrative safeguards
  • Physical Safeguards
  • Technical safeguards

Breach Notification Rule

Report data breaches within 60 days of discovery (for large breaches) or within 60 days of the end of the calendar year in which they were discovered (for small breaches) to:

  • The regulating body, the Office for Civil Rights (OCR)
  • All impacted individuals
  • In large breaches, the media

HIPAA Breach Notification Rule

  • Provide individual notice to affected individuals
  • Provide notice to the media in certain cases
  • Notify the Secretary of HHS

Penalty for Ignoring the Breach Notification

1. If under 500 people are affected

  • Notify affected people within 60 days of the breach
  • Notify HHS within 60 days of the end of the calendar year in which the breach was identified

2. If more than 500 people are affected

  • Notify affected people within 60 days of the breach
  • Notify HHS within 60 days of the breach
  • Notify a major print or broadcast media outlet in your region within 60 days of the breach

Who Needs to Comply with HIPAA?

Any organization or person who works in or with the healthcare industry or who has access to protected health information.

This includes:

  • Healthcare Providers
  • Employer Group Health Plans
  • Health Insurance Companies
  • Healthcare Clearinghouses
  • Business Associates

Advantages of HIPAA Compliance

Advantages of HIPAA compliance include:

  • Strengthening Cybersecurity Measures
  • Safeguarding the Privacy of Patients
  • Preventing Substantial Fines and Penalties
  • Fostering a Culture of Patient Safety

Which industries require HIPAA training?

HIPAA training is necessary for everybody who comes into contact with PHI, i.e., members of the workforce of covered entities and their business associates, contractors, students, and volunteers.
