HIPAA Survival Guide

Key Takeaway:

The HIPAA Survival Guide is a set of practical help guides that seek to make compliance with HIPAA and HITECH easy for providers. This kit is some kind of checklist on what to keep in mind and implement to survive a HIPAA audit.

The HIPAA Survival Guide was created as a need to comply with the HIPAA audit requirements. It evolved as a response to simplifying the HIPAA Privacy Rule and HIPAA Security Rule without its legal complexity. In other words, the framers of this Guide have developed this concept strictly as a guide, rather than as a legally enforceable set of rules.

"Forest from the trees" approach

The HIPAA Survival Guide came into being in order to help users understand HIPAA and HITECH better. The approach the developers of this Guide adapted was what was called the "forest from the trees" way, because the aim was to help users navigate and wade through the complex text. It was aimed at helping them chaff and finesse the parts that required their compliance into simple terms. HIPAA Survival Guide is thus not a strict, legislative Act that lays down rules for conformity. No wonder, it was developed by the joint efforts of a Registered Nurse and an Attorney, who wanted to facilitate a greater understanding of the legislation's audit requirements.

The basis on which this Guide came into existence was the HIPAA and HITECH background. It concerns itself with only the part of HIPAA and HITECH relating to a part of Covered Entities, namely providers. This is deliberate, since the aim of this Guide is to help small providers with guidelines aimed at simplifying their task.

Important steps for HIPAA survival

The fundamental goal of the HIPAA Survival Guide is to equip providers with the knowledge of what needs to be kept in order and fine-tuned if they have to meet regulatory requirements. These are the thumb rules for the HIPAA Survival Guide:

  • Documenting the provider's privacy, security and breach policies and reviewing and updating them from time to time
  • Implementing a foolproof risk mitigation plan
  • Performing a security risk analysis at regular intervals to zero in on any vulnerability and creating an action plan to address these
  • Keeping all actions, correspondences and agreements with the provider's Business Associates up-to-date
  • Training the organization's staff on the steps and they need to know on how to implement HIPAA compliance requirements on protecting PHI and ePHI
  • Updating the provider's risk analysis or risk management plans if the same has not been done for two years or more
Click Here to Explore More