Self-Audits
HIPAA requires that you conduct annual audits of your business to assess Administrative, Technical, and Physical gaps in compliance with HIPAA Privacy and Security standards.
HIPAA, or the Health Insurance Portability and Accountability Act, dates back to 1996, when lawmakers signed the law to improve the portability and accountability of health insurance coverage for employees moving between jobs. Later, in April 2005, the HIPAA Security Rule came into force and established three categories of security safeguards – administrative, physical and technical – that must be adhered to in full in order to comply with HIPAA. The safeguards had the following goals:
Once you’ve identified gaps, you must implement remediation plans to fix your vulnerabilities.
To avoid HIPAA fines and violations in the future, you need to develop Policies and Procedures to address each of the HIPAA regulatory standards. Annual staff training with legal attestation on these Policies and Procedures is also required, in addition to HIPAA 101 training.
Your business must document all efforts that you take to become HIPAA compliant. This documentation is critical during a HIPAA investigation with HHS and must be maintained for 6 years.
You must document all vendors with whom you share PHI, and execute Business Associate Agreements to ensure PHI is handled securely and to mitigate liability.
If your business does happen to have a data breach, you must have procedures in place to track, investigate and report the breach to Axiom.