So, your practice may have achieved the coveted HIPAA compliance. Congratulations – now you must maintain it!
Maintaining a consistent HIPAA compliance program is a critical part of ongoing compliance, which includes documentation, proactive risk management, privacy and security operations and periodic self-audits.
7 Steps of HIPAA Compliance Maintenance
- Promote and nurture culture of compliance within your business by constantly performing and highlighting acts of compliance.
- Document all actions and privacy and security information, create an index for future use and keep the records for minimum of six years.
- Be able to easily access and make available all HIPAA related documentation, including breach analysis, regardless of incidents being determined to be breaches or not.
Work to have all of your Business Associates(or sub-contractors) that manage patient data become and maintain correct compliance. Remember, you must have a signed HIPAA Business Associate Agreement with every vendor that gets in contact with your PHI – and don’t forget about each new BA that you work with after you brought your practice to compliance standards.
Conduct thorough investigations of privacy or security incidents that could be a breach and report determined breaches correctly to the Federal government, State governments and the patients.
- Constantly strive for better performance and efficiency, increased technology and privacy and security safeguards; stay proactive in lowering any potential risk.
- Stay informed about changes to HIPAA and cases that illustrate issues and solutions to privacy and security challenges. We recommend HIPAA Journal and HIPAA News Releases & Bulletins by HHS