HIPAA Part 7: Getting Started

July 9, 2019/in Data Security, General, How To, Managed Services /by Shana Scott

We’ve come to the end of our HIPAA series, and if you’ve been following along, you might feel overwhelmed by the prospect of becoming HIPAA compliant. There’s a lot to do if you’re just starting out. Keep in mind that once you build a culture of compliance, verifying that you’re still following the Security and Privacy Rules becomes a routine exercise rather than a project. Instead of creating policies, you’ll be updating them. Instead of choosing technical safeguards, you’ll be evaluating whether the ones already in place still do their job. Once you are HIPAA compliant, staying compliant is far easier than getting there.

Tips for Beginners

For those of you tackling HIPAA for the first time or those whose current HIPAA compliance program isn’t doing enough, here are a few tips to help you start the process.

Know what you have—The start of any HIPAA compliance program is determining what PHI and ePHI you have, where it is stored and how it moves, what programs, people, or processes access that information, and what policies or safeguards are already in place to protect it. Without that inventory, you can’t know what needs to be fixed, and you can’t show an auditor that nothing was overlooked.

Perform the SRA first—The Security Risk Analysis is the first required implementation specification in the Security Rule’s administrative safeguards for a reason. A complete and thorough SRA is critical to compliance, and you’ll find that during the SRA process you’ll address many of the other standards in the Security Rule, because each risk you identify points to a safeguard you must implement or justify. If you don’t feel you can perform this on your own, it may be beneficial to call in an outside consulting company to help you.

Document everything—Get used to this right away. You must not only become compliant, but you need to prove that you are compliant, and that is done through documentation. Be careful you don’t fall into the trap of “paper compliance,” where you have the documentation but fail to follow through in everyday practice. A policy is useless if it’s not implemented.

Accept that it’s a process—Compliance doesn’t happen overnight. From the SRA to the documentation to the evaluations, compliance takes time. It is a continuous process of monitoring and updating to ensure the privacy and security of PHI.

Get everyone on the same page—Training on HIPAA needs to happen from top to bottom. This helps create a culture of compliance that will make ongoing compliance efforts easier. If those in leadership positions understand why it’s important to be HIPAA compliant, appropriate policies and procedures can be created and the budget adjusted according to needs. When employees know the rules to ensure the confidentiality, integrity, and availability of PHI, there is less chance that an avoidable breach will happen.

There is no one prescriptive way to go about HIPAA compliance. HIPAA is deliberately flexible and technology-neutral so that any size or type of business can adopt the same requirements. This gives each business the freedom to implement in the way that best fits it, but it also requires that you take responsibility for the decisions you make and document the reasoning behind them, especially where you choose an alternative to an addressable specification. With that said, following a logical HIPAA compliance plan will help determine the most reasonable and appropriate measures for your business in a straightforward way. Compliance is always easier with a plan.

HIPAA Resources

Knowing where to go for information can assist any Compliance Officer in their efforts to become HIPAA compliant. Below is a collection of the resources found throughout this series.

HIPAA

  • The HITECH Act https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html
  • The OMNIBUS Rule https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/omnibus-hipaa-rulemaking/index.html
  • HHS Breach Database https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Introduction to the Security Rule

  • HHS Security Series https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
  • NIST SP 800-66r1: An Introductory Resource Guide for Implementing the HIPAA Security Rule https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-66r1.pdf

Security Risk Analysis

  • ONC Myths of the SRA https://www.healthit.gov/topic/privacy-security-and-hipaa/top-10-myths-security-risk-analysis
  • SRA Tool https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool
  • SRA Videos https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-videos
  • Privacy and Security Training Games https://www.healthit.gov/topic/privacy-security-and-hipaa/privacy-security-training-games
  • HHS Security Series – SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf?language=es
  • ONC Guide to Privacy and Security of ePHI https://www.healthit.gov/sites/default/files/pdf/privacy/privacy-and-security-guide.pdf
  • HHS Guide on SRA https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf
  • NIST Managing Information Security Risk https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf
  • NIST SP 800-30r1: Guide for Conducting Risk Assessments https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

Contingency Plans

  • HHS Emergency Preparedness https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/index.html
  • Homeland Security Cybersecurity Insurance https://www.dhs.gov/cisa/cybersecurity-insurance
  • Cost of Data Breach Study https://securityintelligence.com/series/ponemon-institute-cost-of-a-data-breach-2018/
  • HHS Encryption Guidance https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
  • HHS Breach Notification https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
  • HHS Ransomware and HIPAA https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
  • DOJ Protect from Ransomware https://www.justice.gov/criminal-ccips/file/872771/download
