HIPAA Tip: Hassle-Free HIPAA Compliance

I know what you’re thinking – is this possible? How great would my life be as the privacy, security and/or compliance officer if this were the case!

Healthcare organizations have to look at HIPAA – the rules, requirements, implementation specifications, policies and procedures – and not become overwhelmed with what needs to be in place.

First, no matter how large or small your organization is, enlist others to assist: build a compliance team. That way, the heavy lifting doesn’t fall on one person. More importantly, involving others combines talents and raises awareness.

As we always say, conduct the annual HIPAA Security Risk Analysis (yes, a requirement under HIPAA). Once this is completed, review the categories that have high and medium risks, and begin your compliance process by addressing these issues first.

· If there is a technical area that needs addressing, whether this is replacing an older security solution or even a device, ask your IT department for recommendations on how to add another layer of protection, such as Endpoint Detection and Response or multi-factor authentication.

· Are there areas within the facility that could have better physical security? Have we changed locks recently or reset alarm codes if these are universal? Would a small investment for privacy screens make sense, especially in areas with public traffic? Has the organization secured the server or network room, with very limited staff access?

· Review and update employee and compliance manuals to reflect the HIPAA Security Rule’s required policies and procedures (PnPs). Have staff sign off on the PnPs that involve them in business operations whenever these are updated or, ideally, annually.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.


Dawn Meglino

HIPAA Compliance Specialist, CHPSE, CCSA, CCAP