HIPAA toolbox: 13 steps for a healthy checkup


September 23 is the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule compliance deadline. We have solutions and tools that may help you meet these changes now.

IF YOU ARE A COVERED ENTITY:

1. Have you identified all Business Associates (BAs)? See our Identifying Business Associates under HIPAA analysis tool.

2. Have you revised all Business Associate Agreements (BAAs) and entered into them with all BAs whose agreements expire before September 23, 2013, or with whom you do not have BAAs? See our Identifying Business Associates under HIPAA analysis tool.

3. Have you drafted or revised your notice of privacy practices to comply with the final rule and posted it in your facility and on your website? See our HIPAA Privacy Assessment analysis tool or consult with a DLA Piper lawyer about drafting or tailoring a Notice of Privacy Practices for your business operations.

4. Have you appointed and trained a Privacy Officer and Security Officer? Consult with a DLA Piper lawyer about drafting or tailoring Privacy and Security Policies and Procedures for Covered Entities for your business operations.

5. Have you developed forms, such as authorization forms and alternative means of communication forms? See our HIPAA Privacy Assessment analysis tool for more information on developing appropriate forms.

 

IF YOU ARE A BUSINESS ASSOCIATE:

6. Have you appointed and trained a security officer? Consult with a DLA Piper lawyer about drafting or tailoring Privacy and Security Policies and Procedures for Business Associates for your business operations.

 

IF YOU ARE A COVERED ENTITY OR A BUSINESS ASSOCIATE:

7. Have you entered into confidentiality agreements with vendors and others who are performing work for you not involving PHI, and obtained satisfactory assurances that they will not misuse or disclose the PHI? See our Identifying Business Associates under HIPAA analysis tool, or contact us for more information on confidentiality agreements.

8. Have you performed a risk / gap analysis regarding your privacy and security practices and procedures? See our HIPAA Privacy Assessment and HIPAA Security Assessment analysis tools or consult with a DLA Piper lawyer about drafting or tailoring Privacy and Security Policies and Procedures for your business operations.

9. Is your BAA clear about whether the Business Associate will provide patients with access to their PHI, and if so, are all parties clear about patients’ rights to access? See our HIPAA Patients’ Rights to Access Protected Health Records analysis tool.

10. Have you determined the applicability of the Privacy Rule Administrative requirements and implemented policies, processes, and procedures that address such requirements and your risk / gap analysis, such as:


Training your workforce

Instituting sanctions for non-compliance

Developing internal reporting processes and compliant anti-retaliation policies

See our HIPAA Privacy Assessment analysis tool or consult with a DLA Piper lawyer about drafting or tailoring Privacy Policies and Procedures and HIPAA training materials for your business operations.

11. Do you understand the HIPAA rules on communicating with patients, including when authorization is required for marketing? See our Using PHI to Communicate With Patients: Is It “Marketing” Under HIPAA? analysis tool.

12. Have you developed a risk assessment tool for analyzing security incidents and potential breaches? See our HIPAA: To Report or Not To Report analysis tool.

13. Have you checked into purchasing cyber liability insurance and/or considered requiring coverage from those with whom you contract under HIPAA? Contact us to learn more about cyber liability insurance and coverage.

CONSULT A TRUSTED ADVISOR
Contact us to learn more about:

Identifying Business Associates

Privacy and security policies and procedures for Business Associates

Using PHI to communicate with patients

HIPAA Privacy Assessment

Notice of privacy practices

Privacy policies and procedures

Privacy and security policies and procedures for covered entities

Confidentiality agreements

Training materials

DOWNLOAD THE FULL HIPAA TOOLBOX: