Most organizations took steps to comply with HIPAA Privacy and Security Rules when they were initially effective. However, every organization approached Privacy and Security compliance in a different manner. With the changes made by the HITECH Act and the final regulations in January of 2013, you need to revisit your compliance steps to ensure you meet all the new requirements. The final regulations made material changes to the breach reporting and investigation process. In addition, most business associate agreements will need to be updated as will Privacy Notices.

Since compliance is specific to each individual organization and how they handle information, this content is designed to cover all the nuts and bolts associated with HIPAA Privacy and Security compliance.

Start by downloading the Action Plan. The Action Plan is in Word format, and it makes sense to use it to walk through all the individual steps associated with compliance. It is also color-coded for steps that will generally be handled by HR and steps that will generally be handled by IT. Any new requirements, or requirements that must be revisited as a result of the final regulations, will be in red font.

The remaining information is designed to provide help as your organization walks through the compliance steps:

  • Samples includes all kinds of sample documents that will be helpful in complying with Privacy and Security.
  • Guidance contains all the major pieces of guidance related to both HIPAA’s Privacy and Security Rules.
  • Training contains general training you can use to help educate your health plan workforce about Privacy and Security.
  • The Rules stress the importance of documenting almost all aspects of compliance. It is good practice to keep documentation as you walk through the compliance process.

When you complete the action plan, take a minute to complete the “HIPAA Privacy and Security Action Plan Checklist” to make sure your organization did not overlook any key compliance steps.

Action Plan