Step 2: Provide leadership

HIPAA Compliance must be planned and executed by at least one leader.

 

There is much to oversee, including:

  • Development and updating of policies and procedures for protecting information

  • Protocol for receiving complaints and responding to breaches

  • Periodic risk assessments, followed by security measures, to protect against breaches, both electronically and in physical locations

  • Designation of staff members who can access Protected Health Information (PHI), based on work-related need

  • Execution of Business Associate Agreements (BAAs) with outside providers with access to PHI via your organization

 

HIPAA rules distinguish between privacy and security, although the two are related. You need both a Privacy Official and a Security Official, although the same person may fill both roles, depending on the size of your organization.

 

A Privacy Official (or office) is in charge of developing and implementing privacy policies and procedures. This is also the contact person (or contact office) for receiving complaints, as well as for disseminating information on your organization’s privacy practices.

 

The Security Official (or office) is responsible for developing and implementing security policies and procedures, so your organization. It is up to this person (or office) to analyze potential risks, and figure out how to secure information to the greatest reasonable extent.

 

Tools and Resources for Step 2

The two overviews below, in downloadable form, can help Privacy and Security Officers understand their responsibilities.

This 7-page overview, issued in May 2015 and titled HIPAA Basics for Providers, includes:

  • Examples of Records to Retain

  • Breach notification timelines and resources

  • An overview of who must comply with HIPAA rules

HIPAA Basics for Providers

 

The 62-page Guide to Privacy and Security of Electronic Information, issued by HHS in April 2015, includes sections on:

  • Understanding patients’ health information rights

  • Breach notification, HIPAA enforcement, and civil and criminal penalties

  • A chart with examples of potential information security risks with different types of EHR hosts

  • A list titled “Low-Cost, Highly Effective Safeguards”

  • A table on examples of risks and how they might be mitigated

  • Links to games and videos for training workforce

  • Tools for achieving Meaningful Use

Guide to Privacy and Security

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY:  (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.