Organizations who work with protected health information (PHI) are most likely familiar with HIPAA and understand that Privacy, Security and Omnibus Rule requirements must be met in order to achieve compliance. But what does “compliance” mean, and how does a business go about attaining it?

The very short answer is that you must have appropriate physical, technical, and administrative safeguards, policies and procedures, and network security controls in place to pass a HIPAA audit. In order to understand and fulfill the requirements in their entirety, it is necessary to designate a privacy and security officer who will own the organization’s compliance plan. The second most important step is to conduct a risk assessment of the organization’s facilities and IT infrastructure with the goal of identifying potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI.

The result of the risk assessment should be a comprehensive roadmap for achieving compliance. The compliance program should include policies and procedures to reinforce the protection and security of PHI, a contingency plan, and security awareness training for employees.

This is by no means an exhaustive list of HIPAA requirements, which is why many organizations choose to partner with an external audit or consulting firm that can perform objective assessments and guide remediation activities. Having dedicated HIPAA professionals on your side will alleviate the burden and guesswork of performing testing in-house. Contact Securance to learn more about how our subject matter experts can help you achieve and maintain compliance.