HIPAA Blog Posts: HIPAA Compliant Checklist
HHS has repeatedly emphasized that HIPAA compliance is a process, not an event, but what is the basic process? We call this the Cycle of Compliance. Its basic elements are an initial risk assessment, risk remediation, training and awareness, and then another risk assessment to measure your progress.
If you store, access, transfer or create PHI, you are a target. “Hackers target health care as industry goes digital” (PC World), “Anthem hack: 'Healthcare is a target'” (Healthcare IT News), “Why Hackers are Targeting The Medical Sector” (Washington Post).
Many small companies avoid a HIPAA risk assessment because they think it is too difficult, too expensive and will reveal their non-compliance. The key is to use an on-line system that allows you to measure, remediate, and measure again so that you can show progress, not perfection.
HIPAA Compliance is the industry standard. Your patient medical data or EPHI is worth around $100 per record on the black market. According to the New York Times article "Need Some Espionage Done? Hackers Are for Hire Online", criminals don't need hacker skills; they can simply hire someone to hack your database.
A HIPAA checklist such as the one we offer for free on our website at www.compliancehelper.com is a useful tool for getting a snapshot view of your HIPAA compliance but it does not assure your on-going compliance like our Compliance Meter ®. The Compliance Meter ® is your assurance that your organization is HIPAA compliant on an on-going basis and that you can prove it. Thus our new product name HIPAAssure™, for which we have applied for a registered trademark, is symbolic of our commitment to on-going compliance.
We provide a free HIPAA checklist for business associates on our website at www.compliancehelper.com but you need to know how this differs from a HIPAA risk assessment.
Here is a Health and Human Services quote about HIPAA certification: "It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation."
Our free HIPAA compliance checklist can be a handy quick reference to your current level of HIPAA compliance. With all the changes brought about by the HIPAA Omnibus Rule, your policies and procedures may be out of date. So download it today at www.compliancehelper.com/compliance-checklist.
The reasons an organization can't be "Certified HIPAA Compliant" are twofold: HHS has given no one authority to certify, and HIPAA compliance is an on-going, evolving process. A recent article from Scott & Scott LLP entitled "The challenges of compliance" encapsulates this nicely.