How to audit your HIPAA Compliance?

We have prepared a set of tools to help you audit your compliance and set up for the future of healthcare in the telehealth era we are already living in…

HIPAA Guide PDF file

HIPAA Checklist PDF file

HIPAA and Remote Work PDF file

Historically, HIPAA compliance and remote work have been a challenge to reconcile, but with this new way of life we must all adapt. Specifically, healthcare organizations and companies dealing with PHI must find solutions that let them comply with HIPAA and continue with business. While many businesses are struggling to bring the work dynamic of office life home, they are also finding benefits in a remote workforce, such as reducing the employer’s costs or increasing productivity and flexibility in providing services.

2020 has brought new updates to HIPAA rules and standards. Although some have already wavered, we suggest you follow the recommendations for self-auditing and for due diligence on your business associates. We will all focus on scalability and on responding to demand in a timely fashion; however, any new resources and partners need to be vetted systematically. If you want to consult with someone before setting up your own self-audit, reach out to our team and we will help you map out and design the processes that will ensure your compliance.

Who has to be HIPAA Compliant?

• Providers

• Health plans

• Clearinghouses

• Business associates

Some of the most important elements of your HIPAA audit

Security Rule

Technical Safeguards

  • Access Control
  • Data Integrity
  • Audit Controls
  • Authentication and Authorization
  • Transmission Security

Physical Safeguards

  • Facility Access Controls
  • Device and Media Controls
  • Workstation Use and Security

Administrative Safeguards

  • Security Management Process
  • Workforce Security
  • Information Access Management
  • Security Awareness and Training
  • Contingency Planning
  • Maintaining Documentation

Privacy Rule

Patients have three fundamental rights:

1. The right to authorize disclosure of their health information and records.

2. The right to request and examine a copy of their health records at any time.

3. The right to request corrections to their records as needed.

Breach Notification Rule

The HIPAA Breach Notification Rule protects PHI by holding covered entities accountable. It also ensures that patients are notified if their personal health information has been compromised.

It is possible that a breach may occur, even when security measures are in place, and if it does, the HIPAA Breach Notification Rule specifies how covered entities should deal with it.

Do a deep dive into everything listed above by downloading our HIPAA guide.

The HIPAA privacy and security rules do not prohibit remote access. These rules apply to the employees of a covered entity regardless of whether the work is performed in the office, or elsewhere.

However, HIPAA requires that organizations develop mechanisms to address the increasing risks of PHI data exposure. These risks include the following:

• Lost or stolen unencrypted portable devices (laptops, phones, etc.)

• Poor security practices at home that can lead to the unintended exposure of PHI to family members

• Unauthorized download of electronic PHI to unauthorized or unprotected devices

• Unauthorized printing of electronic PHI

• Inadequate virus protection on a home network

• Disasters at remote sites

In order to address the HIPAA requirements, organizations can implement technological safeguards. In the absence of technological safeguards, compliance can be achieved through administrative safeguards (policies, procedures, employee education, etc.).

DO A DEEP DIVE INTO OUR EBOOK: HIPAA AND REMOTE WORK

HIPAA Software Development Checklist

  • Access Control
  • Audit Controls
  • Data Integrity
  • Person or Entity Authentication
  • Transmission Security
  • Data Backup and Storage
  • Data Breach Notification
  • Privacy Rules

Download our HIPAA Checklist ebook to run through your first executive audit.

Learn more about our engagement model, or schedule a deep dive with our Tech Team who can help you audit the complexity of the challenges you are encountering.