HIPAA Privacy and Security Reminders – HIPAA-HITECH Compliance Success Formula


This entry is part 2 of 10 in the series HIPAA Privacy-Security Reminders

HIPAA-HITECH Compliance Success Formula

Just about everyone who knows me has probably heard me rail against “checklists” in the context of HIPAA-HITECH privacy and security rule compliance. Well, sort of. There are checklists, after all — they’re called the HIPAA Privacy Rule, HIPAA Security Rule and the HITECH Breach Notification Rule. This post may serve as a great starting point for your program or as a key part of your HIPAA Privacy and Security Reminders program.

On the other hand, while some may call it a high-level checklist, the Clearwater HIPAA Compliance 9-Step Action plan is a tried-and-true programmatic approach to becoming and remaining compliant. It is based on deep experience as custodians of the PHI of 40+ million Americans, work with 300+ organizations of all sizes, and specific OCR/CMS/OIG audits and investigations in which we supported over twenty customers.


Based on our direct experience with the HIPAA-HITECH compliance enforcement actions, a thorough study of HHS/OCR Resolution Agreements and Corrective Action Plans and the OCR Audit Program Protocol, it is clear that a well-designed and balanced HIPAA-HITECH compliance program comprises the following key elements:

  • Policies – Clearly written and well-communicated
  • Procedures – Specific and documented
  • People – Engaged, trained and aware
  • Safeguards – Reasonable, appropriate and tested

Following is our Clearwater HIPAA-HITECH Compliance Success Formula:

  1. Set Privacy and Security Risk Management & Governance Program in place (45 CFR § 164.308(a)(1))
  2. Develop & Implement comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (45 CFR § 164.530 and 45 CFR § 164.316)
  3. Train all Members of Your Workforce (45 CFR § 164.530(b) and 45 CFR § 164.308(a)(5))
  4. Complete a HIPAA Security Risk Analysis (45 CFR § 164.308(a)(1)(ii)(A))
  5. Complete a HIPAA Security Evaluation (= compliance assessment) (45 CFR § 164.308(a)(8))
  6. Complete Technical Testing of Your Environment (45 CFR § 164.308(a)(8))
  7. Implement a Strong, Proactive Business Associate / Management Program (45 CFR § 164.502(e) and 45 CFR § 164.308(b))
  8. Complete Privacy Rule and Breach Notification Rule compliance assessments (45 CFR § 164.500 and 45 CFR § 164.400)
  9. Document and act upon a remediation plan

Each one of the above items is a “sub-program” of an overall HIPAA-HITECH compliance program. Each represents a fair amount of initial work and ongoing monitoring. Of course, it is very challenging to run your organization and complete all of these items. Our advice is simple: choose one or two and get to work. Demonstrate seriousness of intent and good faith effort.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org


Clearwater

Clearwater helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.