While the current HIPAA standard hasn’t been updated since 2013, there is talk that new regulations will emerge in 2021 regarding several post-COVID-19 topics such as:
For the HIPAA compliance process as it stands today, five main rules guide HIPAA requirements. They are:
The HIPAA Privacy Rule
The HIPAA Security Rule
The Omnibus Rule
The Breach Notification Rule
The Enforcement Rule
With more than 115 pages of HIPAA requirements to consider, ensuring that you’re compliant with each applicable rule can be a challenge.
To help you get started, we’ve compiled a checklist from this HIPAA compliance guide:
Indicate in your privacy policy why you’re collecting a patient’s sensitive data and what you plan to do with it.
Be sure that your patients have given you permission to process, store and use their information and have signed your privacy policy notices.
Assign a compliance officer to oversee HIPAA Privacy Rule implementation.
Review your third-party business associate agreements (BAAs) to make sure they require HIPAA-compliant handling of PHI.
Test your processes for honoring patient requests. If patients ask who has seen their health records and when, can you show them?
Check your procedures to ensure that you can honor patients’ requests to hide their medical records from view or remove them from your database.
Provide HIPAA compliance training to educate employees in the proper handling of PHI, including electronic health records.
Set and document your risk management and data security compliance program. Keep detailed records of PHI breaches, noting whom you notified and when, post-breach assessments and remediation efforts.
Undertake regular risk assessments of your organization regarding the privacy and security of PHI and ePHI. A HIPAA security risk assessment checklist can help ensure that this assessment meets HIPAA protocols. Where necessary, mitigate the risks you find or adjust your policies.
Set texting, smartphone and email policies to restrict internal and provider-patient text messaging and emails to HIPAA-approved applications only.
Strengthen your controls around the PHI that you store. This might include mobile device and email encryption, firewalls, multi-factor authentication and workforce security training and testing.
Establish technical safeguards around ePHI, such as access control and authentication, encryption and decryption, continuous monitoring and automatic log-off.
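Several of the checklist items above (showing a patient who has seen their record and when, honoring removal requests, role-based access control, and automatic log-off) come down to one access layer that never touches ePHI without first authorizing the request and writing an audit entry. The following is an added example, not code from the original guide or from any product it mentions: an in-memory store with a constructed role table, an assumed 15-minute idle timeout, and a constructed sequence of access events. Encryption at rest and network controls are out of scope here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Assumed policy value for automatic log-off; the guide names the control, not the interval.
IDLE_TIMEOUT = timedelta(minutes=15)

# Constructed role-to-permission table: each role gets only what it needs (least privilege).
ROLE_PERMISSIONS: Dict[str, frozenset] = {
    "physician": frozenset({"read", "write"}),
    "billing": frozenset({"read"}),
    "privacy_officer": frozenset({"read", "delete"}),
}


@dataclass
class Session:
    user: str
    role: str
    last_activity: datetime


@dataclass(frozen=True)
class AuditEvent:
    timestamp: datetime
    user: str
    patient_id: str
    action: str
    outcome: str  # "ok" or "denied:<reason>"


class PhiStore:
    """In-memory ePHI store with access control, idle log-off and an append-only audit trail."""

    def __init__(self) -> None:
        self._records: Dict[str, dict] = {}
        self._audit: List[AuditEvent] = []

    def _log(self, now: datetime, session: Session, patient_id: str, action: str, outcome: str) -> None:
        self._audit.append(AuditEvent(now, session.user, patient_id, action, outcome))

    def _authorize(self, session: Session, patient_id: str, action: str, now: datetime) -> None:
        # Automatic log-off: an idle session is rejected and the attempt is still logged.
        if now - session.last_activity > IDLE_TIMEOUT:
            self._log(now, session, patient_id, action, "denied:session_expired")
            raise PermissionError("session expired; authenticate again")
        session.last_activity = now
        # Access control: the session's role must hold the requested permission.
        if action not in ROLE_PERMISSIONS.get(session.role, frozenset()):
            self._log(now, session, patient_id, action, "denied:not_permitted")
            raise PermissionError(f"role {session.role!r} may not {action}")

    def read(self, session: Session, patient_id: str, now: datetime) -> Optional[dict]:
        self._authorize(session, patient_id, "read", now)
        self._log(now, session, patient_id, "read", "ok")
        return self._records.get(patient_id)

    def write(self, session: Session, patient_id: str, data: dict, now: datetime) -> None:
        self._authorize(session, patient_id, "write", now)
        self._records[patient_id] = dict(data)
        self._log(now, session, patient_id, "write", "ok")

    def delete(self, session: Session, patient_id: str, now: datetime) -> bool:
        """Honor a removal request; the audit entry survives even though the record is gone."""
        self._authorize(session, patient_id, "delete", now)
        existed = self._records.pop(patient_id, None) is not None
        self._log(now, session, patient_id, "delete", "ok")
        return existed

    def accounting_of_access(self, patient_id: str) -> List[AuditEvent]:
        """Answer 'who has seen my record, and when?': every successful access to this patient's data."""
        return [e for e in self._audit if e.patient_id == patient_id and e.outcome == "ok"]

    def denied_events(self) -> List[AuditEvent]:
        """Denied attempts are what a monitoring process should review."""
        return [e for e in self._audit if e.outcome.startswith("denied")]


def demo() -> dict:
    """Replay a constructed morning of access events and return summary counts."""
    t0 = datetime(2021, 3, 1, 9, 0)
    store = PhiStore()
    doctor = Session("dr.lee", "physician", t0)
    clerk = Session("billing1", "billing", t0)
    officer = Session("po.khan", "privacy_officer", t0)

    store.write(doctor, "patient-42", {"dx": "constructed sample"}, t0)
    store.read(clerk, "patient-42", t0 + timedelta(minutes=5))
    try:  # billing may read but not write: denied and logged
        store.write(clerk, "patient-42", {"dx": "x"}, t0 + timedelta(minutes=6))
    except PermissionError:
        pass
    store.delete(officer, "patient-42", t0 + timedelta(minutes=10))  # patient removal request
    disclosures = len(store.accounting_of_access("patient-42"))     # write, read, delete
    present = store.read(officer, "patient-42", t0 + timedelta(minutes=11)) is not None
    try:  # doctor returns after 40 idle minutes: automatic log-off rejects the request
        store.read(doctor, "patient-42", t0 + timedelta(minutes=40))
    except PermissionError:
        pass
    return {"disclosures": disclosures, "denied": len(store.denied_events()), "record_present": present}


if __name__ == "__main__":
    print(demo())
```

The point of the design is that authorization, the idle check and the audit write all happen inside one method that every data path must go through, so a new endpoint cannot read ePHI without producing the evidence the checklist asks for.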