Did you know that HIPPA (Health Insurance Portability and Accountability Act) was enacted in 1996? If you are a medical insurance professional or a healthcare professional, your business needs to comply with HIPPA to avoid any legal issues.

We have put together this HIPAA compliance checklist to help you make sure that you are indeed following everything to the T.

Patient Records

Entities that are covered by HIPPA have to establish and implement procedures to create exact copies of protected health information (PHI). Medical practices also have to make those copies retrievable per HIPAA rules.

PHI Backups

All of the backup copies of electronic PHI have to be stored in a different location from the original data source per law. On top of being in a separate place, the backup copies have to be encrypted in order to meet the security measures that are recommended under HIPPA.

Whomever you use for your backup solutions make sure that they support HIPAA compliance as well. Those companies have to implement the right safeguards to make sure confidentiality along with the integrity of the PHI are strictly followed.

Educate Employees

Training and educating employees about patient data safety is part of staying in compliance with HIPPA. Employees have to know how to keep patients’ data protected and safe. As patients are moving from one room to another, employees have to make sure that the patient’s data is being seen by the right people.

If your employees ever have to deal with a workers comp doctor they also have to know and be educated in the proper procedures to ensure that all HIPAA laws are being followed.

Security Rule

The HIPPA security rule sets the standards that have to be applied to protect and safeguard the electronic PHI when it is either in transit or at rest. The three parts to the HIPAA Security Rule are technical safeguards, physical safeguards, and administrative safeguards.

Technical Safeguards

This is the technology that is used to protect the ePHI and gives access to the data. The ePHI is required to be encrypted once it leaves the practice’s internal firewalled servers. In case there is ever a breach this will ensure that the data comes back as unusable and unreadable.

Physical Safeguards

This is where physical access to ePHI is protected. The PHI can be stored in a cloud, on servers, or in a remote data center. The purpose is to make sure that all the data is protected against any unauthorized access.

Administrative Safeguards

This is where a Security Officer and a Privacy Officer have to be assigned to put measures in place to protect the electronic PHI and to govern the conduct of the workforce. These policies and procedures bring the Security Rule and Privacy Rule of HIPAA together.

Ready to Check Off Your HIPAA Compliance Checklist?

Now that you have the HIPAA compliance checklist above, is your medical practice HIPPA compliant? If not all of the above are being followed, you do not have time to waste, it is time to make sure your practice is 100% HIPAA compliant.

Did you find our article helpful for your medical practice? Please check back often and bookmark our site for all things health-related!