Your approach to become and maintain HIPAA compliancy requires strategic thinking and agility, blended with constant internal assessments and continuous improvements.
A recommended 5 prong strategy aligns resources to regulatory requirements yielding success through your compliance journey.
1. Create a HIPAA based program. Effective programs start with executive leadership establishing the value of the program through resourcing, cultural alignment, and internal enforcement.
- Create a Compliance Team with operational and technical oversight participants from multiple disciplines within your organization.
- HIPPA Privacy and Security Officer. Roles and titles vary based on your requirements; the key aspect is the authority to manage the program.
- Consider a partner to help build and implement your program.
2. Develop and implement HIPAA policies, procedures, and controls. Effective programs align with requirements, are formal and through.
- Map program elements directly to requirements. Identify how you achieve each requirement.
- Track your program against each mapped item demonstrating compliancy and continuous improvement.
3. Train your staff. Users are weakest element in all programs; an effective training program is essential in improving user behavior and cultural changes.
- Constant training is more effective than a single, annual training session. Consider drip campaigns with periodic updates and areas of focus.
- Target correct training messages to the correct person. Do not let your high level of training information become spam because it does not contain pertinent information to the recipient.
- Leverage multiple methods for training, like formal HIPAA training platforms, newsletters, email, in person, printed, or included in other activities.
- If an incident occurs, turn it into a training opportunity for your users. Share appropriate information with your users.
- Move beyond security and HIPAA topics, train on general systems usage and operational activities.
4. Test your HIPAA and Cybersecurity program.
- Create a formal schedule to assess the effectiveness of your entire program over a one-year period. Create a schedule to test program elements monthly avoiding a single assessment that is often overwhelming.
- Consider higher testing frequency (monthly/quarterly) for higher risk or program elements that need improvement.
- Leverage a partner to complete assessments achieving true objectivity and completeness.
5. Establish and Business Associate program
- Maintain written contracts or other arrangements protecting the privacy of protected health information.
- Take reasonable steps to if you discover a violation of privacy or contracted agreements.
- Review your current program for completeness and compliancy.
- Consider a formal program assessment.
- Identify areas requiring improvement.
- Be strategic, align requirements to resources then roadmap your plan.
- Consider a partner to improve your success.