What does HIPAA Compliance mean for Covered Entities?

The Office for Civil Rights (OCR) has launched Phase 2 of the HIPAA Audit Program. For Covered Entities, these audits will focus on:

  • Device and Media Controls
  • Transmission Security
  • Risk Analysis and Risk Management
  • Safeguards and Training on Policies and Procedures
  • Notice of Privacy Practices and Access Rights
  • Breach Notification Content and Timeliness

So, what should Covered Entities do to prepare for a HIPAA Compliance Assessment?

  • Risk Analysis and Risk Management
    • Conduct a Security Rule Risk Assessment
    • Develop a Risk Management Plan
    • Review Policies and Procedures related to PHI vulnerability, accessibility, and integrity
    • Identify all systems that include PHI
    • Evaluate security measures to reduce risk
  • Breach Reporting (impermissible acquisition, use, access, or disclosure of PHI)
    • Evaluate Policies and Procedures
    • Evaluate Breach Notice content and timeliness
  • Privacy Notice and Access
    • Evaluate Policies and Procedures
    • Evaluate Privacy Notice Practices
    • Evaluate Business Associate Agreements

How is KirkpatrickPrice helping Covered Entities?

KirkpatrickPrice offers Covered Entities experienced Risk Assessment and Risk Analysis practices. We can also review your policies and procedures and help develop them where they are lacking. Our expert information security personnel and our web-based portal experience help make us a good partner to Covered Entities in achieving HIPAA compliance.