Conduct an audit to determine where PHI is created, received, stored, or transmitted, and how it is shared with Business Associates.
(Developing policies that restrict the flow of information can negatively impact healthcare operations.)
Understand what PHI is – and what it isn't.
If required to comply with any Security Rules, appoint a Security Officer.
If required to comply with any Privacy Rules, appoint a Privacy Officer.
Establish whether or not your organization is required to comply with HIPAA and, if so, which Rules apply to your organization’s operations. It can also be important for organizations to understand the compliance obligations of business partners to ensure they are HIPAA compliant when necessary.

The purpose of a HIPAA compliance checklist is to ensure that organizations subject to the Administrative Simplification provisions of HIPAA are aware of which provisions they are required to comply with, and how best to achieve – and maintain – HIPAA compliance. Being aware of your compliance obligations and those of your business partners can be vital because, in the event of a HIPAA violation, ignorance of the HIPAA requirements is not an acceptable defense against enforcement action.

Although the majority of enforcement actions do not result in civil monetary penalties, complying with a corrective action plan (the most common violation resolution) will incur indirect costs and disrupt business activities.