HIPAA is intended to keep protected health information (PHI) safe and secure. HIPAA compliance is essential for covered entities and business associates and means abiding by the HIPAA Rules. Your company must implement and document comprehensive administrative, physical, and technical security safeguards.
Sound complicated? Our HIPAA compliance checklist will help simplify your path to compliance.
Perform a readiness assessment and evaluate your security against HIPAA requirements
Review the U.S. Dept of Health and Human Services Office for Civil Rights Audit Protocol
Perform and document ongoing technical and non-technical evaluations, internally or in partnership with a third-party security and compliance team like Vanta
Document every step of building, implementing, and assessing your compliance program
Vanta’s automated compliance reporting can streamline planning and documentation
Designate an employee as your HIPAA Compliance Officer
Distribute HIPAA policies and procedures and ensure staff read and attest to their review
Thoroughly document employee training processes, activities, and attestations
Ensure that staff understand what constitutes a HIPAA breach, and how to report a breach
Implement systems to track security incidents, and to document and report all breaches
Annually assess compliance activities against theHIPAA Rules and updates to HIPAA
Build a year-round risk management program and integrate continuous monitoring
Understand the ins and outs of HIPAA compliance— and the costs of noncompliance